CVE-2026-26135

HIGH WAF: Medium

CVSS 8.8 Published: 2026-04-03

CWE-918

Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.

WAF Coverage Analysis

Server-Side Request Forgery (SSRF) Medium WAF Coverage

OWASP: A10:2021 SSRF

934xxx - Node.js / Generic Injection

Affected Software

Vendor	Product	Version
microsoft	azure_custom_locations_resource_provider	-

References

msrc.microsoft.com (Vendor Advisory)

Back to CVE Database