CVE-2026-48567

10.0 CRITICAL

Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network

Published: 2026-06-04 · Last updated: 2026-06-05

Severity and scoring

Vendor	Product
microsoft	azure_horizondb

Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network.

Source: NVD

Same vendor

CVE-2026-48579 — Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network (9.1 CRITICAL)
CVE-2026-47644 — Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allow... (6.5 MEDIUM)
CVE-2026-45497 — Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to... (7.7 HIGH)
CVE-2026-42824 — Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to di... (6.5 MEDIUM)
CVE-2026-47294 — Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network (8.0 HIGH)

Same CWE

CVE-2026-11019 — Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised... (6.5 MEDIUM)
CVE-2026-11001 — Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage... (6.5 MEDIUM)
CVE-2026-8644 — IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing (9.1 CRITICAL)
CVE-2026-42674 — Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding (7.5 HIGH)
CVE-2026-47123 — FreeScout is a free help desk and shared inbox built with PHP's Laravel framework (7.5 HIGH)