ctipilot.ch

Microsoft Azure Local Disconnected Operations (ALDO) — CVSS 10.0 unauthenticated network elevation-of-privilege; MSRC Exploitation More Likely

cve · CVE-2026-42822 single-source

Coverage timeline
2
first 2026-05-18 → last 2026-05-25
Entries
2
2 distinct days
Sources cited
1
1 hosts
Sections touched
2
trending-vulnerabilities, weekly-vuln-rollup
Co-occurring entities
0
no co-occurrence

Story timeline

  1. 2026-05-21CVE-2026-42822 — Microsoft Azure Local Disconnected Operations (ALDO): CVSS 10.0 unauthenticated network elevation-of-privilege, "Exploitation More Likely"
    trending-vulnerabilitiesCVE-2026-42822 — Microsoft Azure Local Disconnected Operations (ALDO): CVSS 10.0 unauthenticated network elevation-of-privilege, "Exploitation More Likely"
  2. 2026-05-18CVE-2026-42822 — Azure Local Disconnected Operations: CVSS 10.0 unauthenticated network elevation-of-privilege
    weekly-vuln-rollupCVE-2026-42822 — Azure Local Disconnected Operations: CVSS 10.0 unauthenticated network elevation-of-privilege

Where this entity is cited

  • weekly-vuln-rollup1
  • trending-vulnerabilities1

Source distribution

  • msrc.microsoft.com1 (100%)

Entries about Microsoft Azure Local Disconnected Operations (ALDO) — CVSS 10.0 unauthenticated network elevation-of-privilege; MSRC Exploitation More Likely (2)

2026-05-21 · view entry permalink →

CVE-2026-42822 — Microsoft Azure Local Disconnected Operations (ALDO): CVSS 10.0 unauthenticated network elevation-of-privilege, "Exploitation More Likely"

high vulnerability discovered 2026-05-21 05:00 UTC single-source

Microsoft assigned CVE-2026-42822 (CVSS 3.1 = 10.0, CWE-287 Improper Authentication, vector AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) to an authentication-bypass flaw in Azure Local Disconnected Operations (ALDO) — Microsoft's solution for running Azure services in air-gapped or partially-disconnected infrastructure environments — that allows an unauthorised network attacker to elevate privileges over a network with no credentials and no prior foothold (Microsoft MSRC, 2026-05-18). MSRC rates "Exploitation More Likely"; no in-the-wild exploitation observed and no public PoC at advisory release. Cloud-managed Azure customers using Microsoft-operated Resource Manager environments are already protected — only manually-operated air-gapped Azure Local stacks need action. Remediation requires upgrading ALDO to version 2604 or later via the standard ALDO update channel. Defender takeaway: EU public-sector operators running Azure Local for data-sovereignty / federal data-residency compliance (a common pattern in Bundesverwaltung and German Bundesbehörden environments) should treat this as a Patch-Tuesday-class emergency on disconnected infrastructure where update cadence is typically slower than cloud-managed Azure. Restrict the ALDO management plane to admin-only OOB subnets until v2604 is installed.

vulnerabilities cloud auth-bypass priv-esc global CVE-2026-42822

2026-05-18 · view entry permalink →

CVE-2026-42822 — Azure Local Disconnected Operations: CVSS 10.0 unauthenticated network elevation-of-privilege

notable vulnerability discovered 2026-05-18 05:00 UTC single-source

Microsoft assigned CVE-2026-42822 (CVSS 10.0, CWE-287 Improper Authentication, AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) to an authentication-bypass flaw in Azure Local Disconnected Operations (ALDO), rated "Exploitation More Likely." ALDO is the air-gapped/sovereign-cloud deployment mode that public-sector and regulated operators specifically choose for data-residency reasons — so this CVSS-10 bug lands squarely on the deployments most likely to hold sensitive workloads. No confirmed exploitation; treat as a high-priority patch given the "More Likely" rating and the sovereign-deployment exposure.

vulnerabilities cloud auth-bypass priv-esc global CVE-2026-42822