{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-26150", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-02-11T16:24:51.135Z", "datePublished": "2026-04-23T21:37:40.463Z", "dateUpdated": "2026-05-12T17:39:54.370Z"}, "containers": {"cna": {"title": "Microsoft Purview eDiscovery Elevation of Privilege Vulnerability", "datePublic": "2026-04-23T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office_purview_ediscovery:*:*:*:*:*:*:*:*", "versionStartIncluding": "-"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Purview eDiscovery", "versions": [{"version": "-", "status": "affected"}]}], "descriptions": [{"value": "Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-918: Server-Side Request Forgery (SSRF)", "lang": "en-US", "type": "CWE", "cweId": "CWE-918"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-12T17:39:54.370Z"}, "references": [{"name": "Microsoft Purview eDiscovery Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26150"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 8.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C"}}], "tags": ["exclusively-hosted-service"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-28T03:55:28.733408Z", "id": "CVE-2026-26150", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T12:49:17.031Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26150", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-28T03:55:28.733408Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-24T14:55:12.221Z"}}], "cna": {"tags": ["exclusively-hosted-service"], "title": "Microsoft Purview eDiscovery Elevation of Privilege Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 8.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Purview eDiscovery", "versions": [{"status": "affected", "version": "-"}]}], "datePublic": "2026-04-23T14:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26150", "name": "Microsoft Purview eDiscovery Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office_purview_ediscovery:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "-"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-12T17:39:54.370Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26150", "state": "PUBLISHED", "dateUpdated": "2026-05-12T17:39:54.370Z", "dateReserved": "2026-02-11T16:24:51.135Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-04-23T21:37:40.463Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:purview_ediscovery:-:*:*:*:*:*:*:*", "matchCriteriaId": "4FC80C46-BC0F-49D4-AA4A-3DB3FF2FF538", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "secure@microsoft.com", "tags": ["exclusively-hosted-service"]}], "descriptions": [{"lang": "en", "value": "Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network."}], "id": "CVE-2026-26150", "lastModified": "2026-04-29T19:10:35.600", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "secure@microsoft.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-23T22:16:23.177", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26150"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft Purview eDiscovery", "source": "cna", "vendor": "Microsoft"}, "product": "office_purview_ediscovery", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-04-28T07:22:57.489138+00:00", "value": {"mitigation_remediation": ["Apply the Microsoft security update for CVE\u20112026\u201126150 as soon as it is available.", "Restrict network access to the Purview eDiscovery service, allowing only trusted internal IP ranges or VPNs.", "If an immediate patch is not possible, use the WAF or firewall to block outbound HTTP requests originating from Purview that target internal endpoints or block the SSRF entry points.", "Monitor Purview logs for unauthorized outbound requests and raise alerts."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation via SSRF"}, "threat_synthesis": {"affected_systems": "Microsoft Purview eDiscovery is the affected product. The vulnerability applies to all installed versions for which the vendor has not yet released an update, as no specific version range is provided in the CNA data. Users should check the Microsoft Security Update Guide for the latest fix.", "description_and_impact": "The vulnerability is a server\u2011side request forgery that allows an attacker with unauthorized access to send crafted HTTP requests to internal resources within the Microsoft Purview eDiscovery service. This flaw can lead to privilege escalation, allowing the attacker to gain higher level permissions than permitted by their original credentials. The weakness corresponds to CWE\u2011918, a form of SSRF.", "risk_and_exploitability": "The CVSS score of 8.6 indicates high severity. The EPSS score of less than 1\u202f% suggests that the probability of exploitation in the wild is low at the time of analysis, and the vulnerability is not listed in the CISA KEV catalog. Nonetheless, the flaw can be exploited remotely if the Purview service is reachable from the attacker\u2019s network, enabling an elevation of privilege. An attacker would need to craft a request that causes the service to fetch a resource internally, thereby bypassing authentication checks."}}}}, "created": "2026-04-27T22:15:14.795125+00:00", "updated": "2026-04-28T07:30:26.328771+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$office_purview_ediscovery"]}