Agents
Azure SRE Agent CVE-2026-32173 (CVSS 8.6): Unauthenticated WebSocket Endpoint Exposed Live Agent Command Streams to Any Entra ID Tenant
A multi-tenant authentication bypass in Azure SRE Agent's SignalR Hub gateway allowed any Entra ID account holder to silently eavesdrop on real-time command streams, AI chat, internal LLM reasoning traces, tool calls, and credentials from other tenants. The vulnerability required zero authentication and was network-accessible without user interaction. Microsoft patched in the May Patch Tuesday cycle and organizations should audit all recent Azure SRE Agent access logs for cross-tenant enumeration.
Source
↳ Follow the thread