CVE-2026-33117

Daily digests

A broken authentication mechanism in the Azure SDK lets an unauthenticated attacker bypass security features over the network. CVSS 9.1. If your applications use the Azure SDK for auth, an attacker could potentially skip authentication checks entirely. The blast radius depends on what your app protects, but the SDK is everywhere.

• Patch Tuesday · May 13, 2026

  Patch Tuesday May 2026: DNS + Netlogon at 9.8, 19 more