Home / Vulnerability Intelligence / CVE-2026-33107

CVE-2026-33107 - Vulnerability Analysis

CriticalCVSS: 10.0

Last Updated: April 3, 2026

Azure Databricks - Privilege Escalation & Server Side Request Forgery

Published: April 3, 2026Updated: April 3, 2026Remote Exploitable

Overview

Azure Databricks contains a server side request forgery caused by improper validation of network requests, letting unauthorized attackers elevate privileges over the network, exploit requires network access.

Severity & Score

Severity: Critical

CVSS Score: 10.0

EPSS Score: 5.2%(Probability of exploitation in next 30 days)

Impact

Unauthorized attackers can elevate privileges over the network, potentially gaining unauthorized access or control.

Mitigation

Update to the latest version of Azure Databricks.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33107

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Apr 3, 2026

🔴 CVE-2026-33107 - Critical (10) Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33107/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-33107
Severity: Critical
CVSS Score: 10.0
Type: server_side_request_forgery
Status: unconfirmed
EPSS: 5.2%
Social Posts: 1

CWE

CWE-918

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score

5.2%Probability of exploitation in the next 30 days