CVE-2026-42151
0 field notes · 1 digest · CVSS 7.5
Daily digests
Prometheus exposes Azure AD OAuth client secrets through its configuration API. Anyone who can query that API endpoint can grab the secret and use it to authenticate as the Prometheus service account against Azure AD. If your Prometheus config API is reachable by untrusted users or exposed to the network, treat the affected client secrets as compromised.
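A defender-side check for the exposure described above, added here as an example and not code from Prometheus or from this digest: it takes the JSON body returned by the configuration endpoint (assumed to have the shape of Prometheus's `/api/v1/status/config` response) and reports which `azuread.oauth.client_secret` fields are not the `<secret>` redaction placeholder. The sample body, URLs, IDs and secret value are constructed, and `audit_config_response` is a hypothetical helper name.

```python
import json
import re

REDACTED = "<secret>"  # placeholder Prometheus prints in place of secret values

# Constructed sample shaped like a /api/v1/status/config response body.
SAMPLE_BODY = json.dumps({"status": "success", "data": {"yaml": """\
remote_write:
- url: https://ingest.example.invalid/api/v1/write
  azuread:
    cloud: AzurePublic
    oauth:
      client_id: 00000000-0000-0000-0000-000000000000
      client_secret: constructed-not-a-real-secret
      tenant_id: 11111111-1111-1111-1111-111111111111
- url: https://other.example.invalid/api/v1/write
  azuread:
    cloud: AzurePublic
    oauth:
      client_id: 22222222-2222-2222-2222-222222222222
      client_secret: <secret>
      tenant_id: 33333333-3333-3333-3333-333333333333
"""}})

# Leading whitespace plus an optional list dash gives the key's column.
LINE = re.compile(r"^(\s*(?:-\s+)?)([A-Za-z_]+):\s*(.*)$")

def audit_config_response(body):
    """Return [(remote_write url, exposed?)] without echoing any secret value."""
    yaml_text = json.loads(body)["data"]["yaml"]
    findings, url, stack = [], None, []  # stack holds (column, key) of open maps
    for raw in yaml_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        col, key, value = len(m.group(1)), m.group(2), m.group(3).strip()
        while stack and stack[-1][0] >= col:  # leave mappings we have dedented out of
            stack.pop()
        path = [k for _, k in stack] + [key]
        if not value:
            stack.append((col, key))          # key opens a nested mapping
        elif path == ["remote_write", "url"]:
            url = value
        elif path[-3:] == ["azuread", "oauth", "client_secret"]:
            findings.append((url, value.strip("'\"") != REDACTED))
    return findings
```

Any entry reported as exposed identifies a client secret to rotate in Azure AD, in line with the guidance above to treat it as compromised.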