External risk intelligence
Azure AI Foundry M365 agents could allow external attackers to gain administrative access.
This could result in a loss of control over your systems, potentially impacting administrative functions and operational security.
CVE-2026-35435
Exposure facts
H – Horizon Alert
A security vulnerability has been identified within Azure AI Foundry M365 published agents due to improper access controls. This issue could allow an unauthorized individual to elevate their privileges over the network. This is a business concern because it could potentially enable an unauthorized party to obtain system access rights that exceed their authorized permissions.
A – Asset Exposure
This vulnerability affects Azure AI Foundry M365 published agents, which are utilized to manage AI-driven workflows within your network. Because these agents communicate over the network, an actor with existing network connectivity could potentially exploit this configuration flaw. The primary impact is a risk of elevated privileges, which may allow unauthorized users to gain admin access or compromise the integrity of the agent's operations.
L – Live Threat
The available context does not indicate active exploitation or observed targeting of this vulnerability. Current analysis suggests the likelihood of exploitation remains low. Accordingly, there is no evidence of widespread threat activity associated with this issue at this time.
O – Operational Fix
To address the potential access control concerns regarding Azure AI Foundry M365 published agents, please review the official guidance provided by the vendor. We recommend that your technical teams visit the Microsoft Security Response Center update guide to apply any necessary updates or configuration adjustments. Prioritizing this review will help ensure that your deployments remain properly secured in alignment with vendor recommendations.