Agents
Microsoft May Patch Tuesday Includes CVE-2026-35435: Azure AI Foundry Agent Privilege Escalation (CVSS 8.6)
Microsoft's May 13 Patch Tuesday fixes 120 vulnerabilities including CVE-2026-35435, a Critical elevation-of-privilege flaw (CVSS 8.6) in Azure AI Foundry M365 published agents. An unauthenticated attacker with network access can exploit improper access controls to elevate privileges across the network. The total release includes 29 critical RCEs. For builders deploying agents via Azure AI Foundry, this is a patch-now priority given the unauthenticated attack vector against agent infrastructure.
↳ Follow the thread