CVE-2026-47632 - Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability - is an improper certificate validation issue in the Azure Monitor Agent Metrics Extension that can allow elevation of privilege. Microsoft rates it as High severity with a CVSS v3.1 base score of 8.8 and temporal score of 7.7. The vector is adjacent network, low attack complexity, no privileges required, no user interaction, and unchanged scope, with high confidentiality, integrity, and availability impact. Microsoft reports no public disclosure and no known exploitation, with exploit code maturity unproven. Customer action is required, and the enterprise risk is primarily for systems where the extension is reachable over adjacent-network conditions. Highlights: - CVSS scores: Base 8.8 - Temporal 7.7 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Elevation of Privilege with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Less Likely; adjacent-network attack vector, LOW attack complexity, NO privileges required, and NO user interaction. - Severity for enterprise: High technical severity, but risk is more constrained than network-reachable remote attacks because the vector is adjacent network rather than full network exposure. No active exploitation is reported. - Patch status: available Affected systems: - No products listed