Vulnerability intelligence
CVE-2026-42826
Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.
CVSS Score
10
Critical
EPSS — Exploit Probability
0.1%
Riskier than 27% of all CVEs
Exploitation
Not in CISA KEV
No federal exploitation record
Remediation
Patch available
Vendor fix published
1 article across 1 outlet · first covered May 13, 2026 · latest May 13, 2026
Coverage timeline
-
May 2026 Patch Tuesday: 137 Vulnerabilities, No Zero-Dayssocradar.io · May 13, 2026