A vulnerability in Microsoft Azure Cost Management allows an unauthenticated attacker to access sensitive financial or usage information over a network. The flaw exists within the Cost Management Interactive Experiences component and requires no user interaction or prior authentication to exploit. This is concerning as billing and cost data can expose details about an organisation’s cloud resource footprint, spending patterns, and potentially sensitive infrastructure configurations.

Security Architect’s Take: Review access controls and network exposure for Azure Cost Management portals and APIs; ensure Cost Management scopes are restricted to authorised identities via Azure RBAC and confirm that no public-facing Cost Management Interactive Experience endpoints are unnecessarily exposed while Microsoft’s patch is applied.

Original advisory: CVE-2026-47633 Microsoft Cost Management Information Disclosure Vulnerability