Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network.
An attacker can remotely impersonate an authorized identity (spoofing), bypassing Azure HorizonDB authentication mechanisms without possessing any credentials. The vulnerability does not require user interaction or specific network conditions (low attack complexity, no required privileges). Successful exploitation of the vulnerability causes privilege escalation in a context that exceeds the original resource scope (Scope: Changed).
An attacker can obtain elevated privileges in the Azure HorizonDB service, leading to unauthorized data modification or disruption of service availability (high impact on integrity and availability).
Apply patches available from the manufacturer according to the references: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48567
Microsoft Azure HorizonDB — versions indicated in the manufacturer's references
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:HMicrosoft Azure Horizondb
APPMicrosoftwszystkie wersje
Related vulnerabilities
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
RCE przez deserializację niezaufanych danych w Microsoft SharePoint Server
RCE w Windows Server Update Service (WSUS) — deserializacja danych
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
RCE przez deserialization w Microsoft SharePoint Server (on-premises)