NVD CRITICAL: CVE-2026-26135 — Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (...

Friday, April 3, 2026 at 12:16 AM UTC·Source: NIST NVD

Updated: Friday, April 3, 2026 at 01:53 PM UTC

Executive Summary

Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.

Analysis

Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network. CVSS Score: 9.6. Published: 2026-04-03T00:16:04.353.

Indicators of Compromise (1)

CVE (1)

CVE-2026-26135

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on Apr 3, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerability

Inconsistent Privacy Labels Don't Tell Users What They Are Getting

Data privacy labels are a great idea for mobile apps, but the current versions just aren't good enough.

3h agoDark Reading

MEDIUMVulnerability

LinkedIn secretely scans for 6,000+ Chrome extensions, collects data

A new report dubbed "BrowserGate" warns that Microsoft's LinkedIn is using hidden JavaScript scripts on its website to scan visitors' browsers for installed extensions and collect device data. [...]

4h agoBleepingComputer

MEDIUMVulnerability

FCC proposes $4.5 million fine for voice service provider hosting ‘suspicious’ foreign call traffic

Voxbeam’s actions allegedly led to “financial impersonation robocalls” that were made to American consumers “ using “non-compliant and long dormant accounts,” the FCC said.

4h agoThe Record