CVE-2026-50338 - Azure Spring Apps Elevation of Privilege Vulnerability - is an improper authentication issue affecting Azure Spring Apps that can allow elevation of privilege. The CVSS v3.1 base score is 8.2 (High) with a temporal score of 7.4; the vector is NETWORK, AC:H, PR:L, UI:N, and S:C, with HIGH confidentiality and integrity impact and no availability impact. Microsoft states the issue is not publicly disclosed and not exploited, but exploit code maturity is PROOF_OF_CONCEPT. Customer action is required. Because this is network-reachable and requires only low privileges and no user interaction, it is relevant for enterprise Azure deployments even though exploitation is rated less likely. Highlights: - CVSS scores: Base 8.2 - Temporal 7.4 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: PROOF_OF_CONCEPT. - Impact: Elevation of Privilege; confidentiality HIGH, integrity HIGH, availability NONE. - Exploitation likelihood: Exploitation Less Likely; vector context is NETWORK with HIGH attack complexity, LOW privileges required, and NO user interaction. - Severity for enterprise: High severity. Network exposure and no user interaction increase relevance for Azure Spring Apps deployments, but HIGH attack complexity and no reported exploitation reduce immediate likelihood. - Patch status: available; customer action required. Affected systems: - No products listed in the source data.