🟠 High | Source: Microsoft Security Response Center
A vulnerability in Microsoft Azure Synapse Analytics allows an attacker who already has some level of authorised access to gain higher privileges than intended, purely over the network. This is concerning because Azure Synapse often holds sensitive data pipelines and analytics workloads, meaning privilege escalation could expose critical data assets or enable lateral movement. Microsoft has issued a patch as part of their security update guidance.
Security Architect’s Take: Review and apply Microsoft’s patch for CVE-2026-26145 immediately, prioritising Synapse workspaces that handle sensitive or regulated data. In parallel, audit Synapse RBAC assignments and network access controls to ensure the principle of least privilege is enforced, reducing the blast radius if any authorised account is compromised.
Original advisory: CVE-2026-26145 Microsoft Azure Synapse Elevation of Privilege Vulnerability
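One way to run the RBAC and network-access audit recommended above, as an added example that is not Microsoft's code or part of the advisory. It checks role assignments and firewall rules exported as JSON, for instance from `az synapse role assignment list` and `az synapse workspace firewall-rule list`. The field layout, the sample records, the `BROAD_ROLES` set and the `MAX_RANGE` threshold are assumptions chosen for illustration.

```python
import ipaddress

# Policy assumptions for this example: which built-in Synapse RBAC roles count
# as broad, and how wide a firewall range may be before it is flagged.
BROAD_ROLES = {"Synapse Administrator", "Synapse SQL Administrator",
               "Synapse Apache Spark Administrator", "Synapse Contributor"}
MAX_RANGE = 256  # addresses; hypothetical threshold (a /24)

def audit_role_assignments(assignments, role_names):
    """Flag broad roles granted at workspace scope ("workspaces/<name>")."""
    findings = []
    for a in assignments:
        role = role_names.get(a["roleDefinitionId"], "unknown")
        workspace_wide = a["scope"].strip("/").count("/") == 1
        if role == "unknown":
            findings.append((a["principalId"], role, "role id not resolved"))
        elif role in BROAD_ROLES and workspace_wide:
            findings.append((a["principalId"], role, "broad role at workspace scope"))
    return findings

def audit_firewall_rules(rules):
    """Flag rules that admit all Azure services or a wide address range."""
    findings = []
    for r in rules:
        start = int(ipaddress.IPv4Address(r["startIpAddress"]))
        end = int(ipaddress.IPv4Address(r["endIpAddress"]))
        if start == 0 and end == 0:
            findings.append((r["name"], "allows all Azure services"))
        elif end - start + 1 > MAX_RANGE:
            findings.append((r["name"], f"{end - start + 1} addresses allowed"))
    return findings

# Constructed sample data; ids, names and field layout are assumptions.
ROLE_NAMES = {"role-id-admin": "Synapse Administrator",
              "role-id-user": "Synapse User"}
ASSIGNMENTS = [
    {"principalId": "principal-a", "roleDefinitionId": "role-id-admin", "scope": "workspaces/example-ws"},
    {"principalId": "principal-b", "roleDefinitionId": "role-id-user", "scope": "workspaces/example-ws"},
    {"principalId": "principal-c", "roleDefinitionId": "role-id-admin",
     "scope": "workspaces/example-ws/bigDataPools/example-pool"},
]
FIREWALL_RULES = [
    {"name": "allowAll", "startIpAddress": "0.0.0.0", "endIpAddress": "255.255.255.255"},
    {"name": "AllowAllWindowsAzureIps", "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"},
    {"name": "office", "startIpAddress": "203.0.113.0", "endIpAddress": "203.0.113.31"},
]

if __name__ == "__main__":
    for finding in audit_role_assignments(ASSIGNMENTS, ROLE_NAMES) + audit_firewall_rules(FIREWALL_RULES):
        print(finding)
```

Findings are review candidates, not verdicts: a workspace-scope administrator may be legitimate, but each one should have a named owner and a reason.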