CVE-2026-33109

CRITICAL

Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.

CVSS v3.1 Score

9.9

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Complexity

LOW

Privileges

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Published: 5/7/2026Modified: 5/8/2026

Related Intelligence (2)

CRITICALAi

Patch Tuesday - May 2026

Microsoft is publishing 137 vulnerabilities on May 2026 Patch Tuesday . Microsoft is not aware of exploitation in the wild or public disclosure for any of these vulnerabilities. So far this month, Microsoft has provided patches to address 133 browser vulnerabilities, which are not included in the Patch Tuesday count above. Windows Netlogon: critical RCE Anyone responsible for securing a domain con

CVE-2026-41089CVE-2020-1472

5d agoRapid7

CRITICALVulnerability

NVD CRITICAL: CVE-2026-33109 — Improper access control in Azure Managed Instance for Apache Cassandra allows an...

Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.

CVE-2026-33109

May 7, 2026NIST NVD

References (1)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33109Vendor Advisory