Azure AKS Backup Privilege Flaw: Silent Patch Suspected, No CVE Issued

TL;DR Summary
Security researcher Justin O'Leary alleges that a critical privilege-escalation flaw in Azure Backup for AKS could let a low-privileged user become cluster-admin via Trusted Access. Microsoft rejected the report as expected behavior with no product changes and blocked CVE issuance, while CERT/CC independently validated the bug and assigned VU#284781. After disclosure, Microsoft reportedly changed the behavior and added permission checks, suggesting a silent patch. No public advisory or CVE was issued, leaving defenders with limited visibility into exposure and remediation timelines.
Source: "Microsoft rejects critical Azure vulnerability report, no CVE issued" (BleepingComputer)