🟠 High  |  Source: Microsoft Security Response Center


CVE-2026-45499 is a server-side request forgery (SSRF) vulnerability in Azure OpenAI that allows an already-authenticated attacker to escalate their privileges over a network. SSRF flaws can be used to make the vulnerable service send requests on the attacker’s behalf, potentially accessing internal resources or metadata endpoints that should be off-limits. Because the attacker only needs existing authorised access to exploit this, the risk to organisations using Azure OpenAI in production environments is significant.

Security Architect’s Take: Review and tighten network perimeter controls around your Azure OpenAI deployments, particularly egress rules and private endpoint configurations, while awaiting Microsoft’s patch. Audit current role assignments to ensure least-privilege access, reducing the impact of any privilege escalation attempt.
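As an added example (not code from the advisory or from Microsoft), a Python audit script that checks an exported Azure OpenAI account and its role assignments against the two recommendations above; the JSON field names are assumed to match Azure CLI output (`az cognitiveservices account show`, `az role assignment list`), the set of "broad" roles is an assumption to tune locally, and the sample data is constructed.

```python
"""Audit an Azure OpenAI account export for network exposure and broad role
assignments. Field names are assumed to follow Azure CLI JSON output."""
import json

# Assumption: roles considered too broad for a production Azure OpenAI scope.
BROAD_ROLES = {"Owner", "Contributor", "User Access Administrator",
               "Cognitive Services Contributor"}

def audit_account(account: dict) -> list[str]:
    """Return network-exposure findings for one account (az show shape assumed)."""
    findings = []
    props = account.get("properties", {})
    if props.get("publicNetworkAccess", "Enabled") == "Enabled":
        findings.append("public network access enabled")
    if props.get("networkAcls", {}).get("defaultAction", "Allow") != "Deny":
        findings.append("network ACL default action is not Deny")
    if not props.get("privateEndpointConnections"):
        findings.append("no private endpoint connection")
    return findings

def audit_role_assignments(assignments: list[dict], account_id: str) -> list[str]:
    """Flag broad roles whose scope is the account or any parent scope."""
    findings, acct = [], account_id.lower()
    for ra in assignments:
        scope = ra.get("scope", "").lower()
        # Match exact scope or a parent; the trailing "/" avoids rg-ai matching rg-ai2.
        if not (acct == scope or acct.startswith(scope + "/")):
            continue
        if ra.get("roleDefinitionName") in BROAD_ROLES:
            findings.append(f"{ra.get('principalName')} has "
                            f"{ra['roleDefinitionName']} at {ra['scope']}")
    return findings

# Constructed sample data (placeholder subscription id "SUB").
SAMPLE_ACCOUNT = json.loads("""{
 "id": "/subscriptions/SUB/resourceGroups/rg-ai/providers/Microsoft.CognitiveServices/accounts/aoai-prod",
 "properties": {"publicNetworkAccess": "Enabled",
                "networkAcls": {"defaultAction": "Allow"},
                "privateEndpointConnections": []}}""")
SAMPLE_ASSIGNMENTS = json.loads("""[
 {"principalName": "svc-chatbot", "roleDefinitionName": "Contributor",
  "scope": "/subscriptions/SUB/resourceGroups/rg-ai"},
 {"principalName": "app-reader", "roleDefinitionName": "Cognitive Services OpenAI User",
  "scope": "/subscriptions/SUB/resourceGroups/rg-ai/providers/Microsoft.CognitiveServices/accounts/aoai-prod"},
 {"principalName": "other-owner", "roleDefinitionName": "Owner",
  "scope": "/subscriptions/SUB/resourceGroups/rg-other"}]""")

if __name__ == "__main__":
    for f in audit_account(SAMPLE_ACCOUNT) + audit_role_assignments(
            SAMPLE_ASSIGNMENTS, SAMPLE_ACCOUNT["id"]):
        print("FINDING:", f)
```

Feed it the real JSON from the two Azure CLI commands named in the lead-in to produce a per-account finding list for the review.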

Original advisory: CVE-2026-45499 Azure OpenAI Elevation of Privilege Vulnerability