CVE Catalog

CVE-2026-45642

LowCVSS 3.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

28th percentile — higher than 28% of all known CVEs

Summary

Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.

Risk Assessment

Attackers may exploit this vulnerability to impersonate trusted devices, potentially leading to unauthorized access to organizational resources.

Recommendation

It is recommended to implement additional security measures and regularly update systems to mitigate the risks associated with this vulnerability.

Original NVD description (English source)

Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS