CVE-2026-45642NVD

Vulnerability Summary

Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.

Severity Level

LOW(3.9)

Published Date

Jun 9, 2026

Last Modified

Jun 9, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.11%Probability

Root Weakness (CWE)

CWE-20: Improper Input Validation ↗

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required.

CVSS v3.1 Base Metrics

Attack VectorPhysical

Attack ComplexityLow

Privileges RequiredHigh

User InteractionNone

ScopeUnchanged

ConfidentialityNone

IntegrityHigh

AvailabilityNone

External References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45642