Azure Backup for AKS privilege escalation flaw

Vulnerability
H score 22
1 unique source, 1 article

Summary

A critical Azure Backup for AKS privilege-escalation flaw was independently validated, exposing Kubernetes clusters to cluster-admin takeover from the low-privileged Backup Contributor role. The weakness could let an attacker extract secrets or restore malicious workloads through Trusted Access. No public CVE or advisory was issued, making the exposure window harder to track.

Related Happenings

Windows cldflt.sys MiniPlasma privilege escalation zero-day privilege-escalation flaw

Vulnerability
First: 18.05.2026 07:59 Last: 18.05.2026 07:59 Sources 1

About this happening: **MiniPlasma** is a **Windows privilege-escalation zero-day** in **cldflt.sys** that can give attackers **SYSTEM** privileges on **fully patched Windows systems**. The flaw affect...

Windows cldflt.sys privilege escalation (CVE-2020-17103)

Vulnerability
First: 18.05.2026 01:30 Last: 18.05.2026 01:30 Sources 1

About this happening: A public **MiniPlasma** proof-of-concept has renewed concern around the **Windows cldflt.sys Cloud Filter driver** because it can elevate a **standard user** to **SYSTEM** on **fu...

Windows 11 BitLocker bypass YellowKey security flaw

Vulnerability
First: 14.05.2026 10:27 Last: 14.05.2026 10:27 Sources 1

About this happening: **YellowKey** is a **Windows BitLocker security feature bypass** tracked as **CVE-2026-45585** that can expose **BitLocker-protected drives** through the **Windows Recovery Enviro...

Latest development: 20.05.2026 10:31

Microsoft assigned CVE-2026-45585 to YellowKey, a Windows BitLocker security feature bypass, and recommended removing autofstx.exe from the Session Manager BootExecute REG_MULTI_SZ value, reestablishing BitLocker trust for WinRE, and moving already encrypted devices from TPM-only to TPM+PIN to require a pre-boot PIN.

Windows Netlogon stack-based buffer overflow security flaw (CVE-2026-41089)

Vulnerability
First: 13.05.2026 11:15 Last: 13.05.2026 11:15 Sources 1

About this happening: Microsoft’s **May Patch Tuesday** fixed **CVE-2026-41089**, a **critical** stack-based buffer overflow in **Windows Netlogon** that could let attackers gain **system privileges**...

CISA KEV order for BlueHammer patching

Public Sector Action
First: 23.04.2026 14:05 Last: 23.04.2026 14:05 Sources 1

About this happening: **CISA** ordered **Federal Civilian Executive Branch agencies** to patch **Windows** systems against **CVE-2026-33825** within **two weeks** after adding the flaw to the **KEV Cat...

Timeline

  1. 16.05.2026 23:55 1 article · 11d ago

    Azure Backup for AKS flaw reported to Microsoft

    Initial Disclosure

    Justin O'Leary reported an Azure Backup for AKS privilege-escalation flaw to Microsoft on March 17, 2026 after finding that the low-privileged Backup Contributor role could trigger Trusted Access and reach cluster-admin privileges inside Kubernetes clusters.

  2. 16.05.2026 23:55 1 article · 11d ago

    MSRC rejects Azure Backup for AKS report

    Technical Analysis Update

    Microsoft Security Response Center rejected the Azure Backup for AKS report on April 13, 2026, asserting that the issue only involved cluster-admin access on a cluster where the attacker already held administrator access.

  3. 16.05.2026 23:55 1 article · 11d ago

    CERT/CC validates Azure Backup for AKS flaw

    Technical Analysis Update

    CERT Coordination Center independently validated the Azure Backup for AKS privilege-escalation flaw on April 16, 2026 and assigned VU#284781, confirming that a user with zero Kubernetes permissions could gain cluster-admin access.

  4. 16.05.2026 23:55 1 article · 11d ago

    Microsoft pushes back on CVE assignment

    Legal Policy Action Update

    On May 4, 2026, Microsoft staff reportedly contacted MITRE to recommend against CVE assignment for the Azure Backup for AKS flaw, again arguing that the issue required pre-existing administrative access.

  5. 16.05.2026 23:55 2 articles · 11d ago

    Azure Backup for AKS changes without a public advisory

    Victim Impact Update

    By the May 16, 2026 publication date, the disclosed Azure Backup for AKS flaw appeared to have been changed so that the original attack path no longer worked and Trusted Access had to be configured manually before backup could be enabled. Defenders still had no public advisory or CVE with which to track affected Azure Backup for AKS environments.
