Home / Vulnerability Intelligence / CVE-2026-24303

CVE-2026-24303 - Vulnerability Analysis

CriticalCVSS: 9.6

Last Updated: April 24, 2026

Microsoft Partner Center - Privilege Escalation

Published: April 23, 2026Updated: April 24, 2026Remote Exploitable

Overview

Microsoft Partner Center contains a broken access control vulnerability that allows authorized attackers to elevate privileges over a network, exploit requires attacker to be authorized.

Severity & Score

Severity: Critical

CVSS Score: 9.6

EPSS Score: 4.9%(Probability of exploitation in next 30 days)

Impact

Authorized attackers can elevate their privileges, potentially gaining unauthorized access to sensitive functions or data.

Mitigation

Update to the latest version of Microsoft Partner Center.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24303

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Apr 25, 2026

🔴 CVE-2026-24303 - Critical (9.6) Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24303/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-24303
Severity: Critical
CVSS Score: 9.6
Type: broken_access_control
Status: unconfirmed
EPSS: 4.9%
Social Posts: 1

CWE

CWE-284

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

EPSS Score

4.9%Probability of exploitation in the next 30 days