CVE-2026-23661

Published Mar 10, 2026

Last updated 17 days ago

CVSS high 7.5
IoT

Overview

Description
Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
Source
secure@microsoft.com
NVD status
Analyzed
Products
azure_iot_explorer

Risk scores

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
HIGH

Weaknesses

secure@microsoft.com
CWE-319

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function check_is_ipv6 of the component IPv6 Handler. The manipulation leads to reliance on ip address for authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.CVE-2026-4252
  2. A vulnerability was determined in CityData CityChat up to 0.12.6 on Android. Affected by this vulnerability is an unknown functionality of the file resources/assets/flutter_assets/assets/credentials.json of the component ai.citydata.citychat. Executing a manipulation can lead to unprotected storage of credentials. The attack requires local access. A high complexity level is associated with this attack. The exploitation appears to be difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.CVE-2026-4251
  3. Google Skia Out-of-Bounds Write VulnerabilityCVE-2026-3909
  4. Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network.CVE-2026-26121
  5. Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.CVE-2026-23664

References

Sources include official advisories and independent security research.