// MicrosoftHIGH
Microsoft disclosed CVE-2026-41105, a server-side request forgery (SSRF) vulnerability in the Azure Monitor Action Group notification system (Azure Notification Service), published on 2026-05-07. The flaw allows an authorized attacker with low privileges to elevate privileges over the network, with a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). No exploitation has been observed in the wild at this time, and Microsoft has issued guidance via MSRC. The other sources in the batch concern an unrelated Linux kernel issue (Dirty Frag) and are not relevant to Microsoft.
// Get alerts for Microsoft