CVE-2026-42823

Daily digests

An authenticated user in Azure Logic Apps can exploit broken access controls to escalate their privileges over the network. CVSS 9.9 signals near-total impact. If an attacker already has a foothold in your Azure tenant, they could use this to gain control well beyond their assigned role.

• Patch Tuesday · May 13, 2026

  Patch Tuesday May 2026: DNS + Netlogon at 9.8, 19 more