
Microsoft dismisses critical Azure flaw report, no CVE assigned

Summary

– A security researcher reported a critical privilege escalation flaw in Azure Backup for AKS, but Microsoft rejected the report and blocked a CVE.
– The flaw allowed anyone with the low-privileged “Backup Contributor” role to gain cluster-admin access on a Kubernetes cluster without existing permissions.
– Microsoft claimed the behavior was expected and required pre-existing admin access, but the researcher documented new permission checks and failed exploit attempts after disclosure, suggesting a silent patch.
– CERT/CC validated the vulnerability and assigned a tracking ID, but later closed the case, leaving Microsoft as the final authority on CVE issuance.
– Without a CVE or advisory, defenders lack visibility into the exposure window, highlighting a structural problem in vulnerability disclosure where silent patching protects vendors over customers.

A security researcher has publicly accused Microsoft of quietly addressing a critical vulnerability in Azure Backup for AKS after rejecting his report and blocking the issuance of a CVE identifier. The researcher, Justin O’Leary, claims the flaw allowed any user with the low-privileged “Backup Contributor” role to escalate their permissions to cluster-admin, granting full control over Kubernetes clusters.

Microsoft disputes the characterization, telling BleepingComputer that the behavior was “expected” and that “no product changes were made.” Yet O’Leary has documented new permission checks and failed exploit attempts after disclosure, suggesting a silent patch was applied.

The core of the issue lies in how Azure Backup for AKS uses Trusted Access to grant backup extensions cluster-admin privileges. O’Leary discovered that an attacker with only the Backup Contributor role on a backup vault could trigger this Trusted Access relationship without any pre-existing Kubernetes permissions. By enabling backup on a target AKS cluster, Azure would automatically configure Trusted Access with elevated rights, enabling the extraction of secrets or the restoration of malicious workloads. He classified this as a Confused Deputy vulnerability (CWE-441), where the trust boundaries between Azure RBAC and Kubernetes RBAC were bypassed.

O’Leary reported the flaw to Microsoft on March 17. The Microsoft Security Response Center (MSRC) rejected it on April 13, arguing the issue only worked if the attacker already held administrative access. O’Leary called this “factually incorrect,” stating the vulnerability “allows a user with zero Kubernetes permissions to gain cluster-admin.”

After the rejection, O’Leary escalated to CERT Coordination Center, which independently validated the flaw on April 16 and assigned it identifier VU#284781. However, on May 4, Microsoft reportedly contacted MITRE recommending against a CVE, again citing the need for pre-existing admin access. CERT/CC later closed the case under CNA hierarchy rules, leaving Microsoft as the final authority on CVE issuance for its own products.

Despite Microsoft’s denial of any changes, O’Leary observed that the original attack path now fails. He received error messages like `UserErrorTrustedAccessGatewayReturnedForbidden` and noted that Trusted Access must now be manually configured before backup can be enabled. He also found new permission checks: the vault MSI now requires Reader permissions on the AKS cluster and snapshot resource group, while the AKS cluster MSI needs Contributor permissions on the snapshot resource group. These changes, absent during his March testing, strongly indicate a fix was applied without a public advisory.
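As an added defender-side example (not code from the article, from Microsoft, or from the researcher), the following audit takes constructed role-assignment and Trusted Access data and lists which identities hold Backup Contributor on a vault that a cluster already trusts, i.e. the identities the described path would have let reach cluster-admin. The simplified field names and the backup-operator Trusted Access role name are assumptions.

```python
"""Inventory identities that could reach AKS cluster-admin via Backup Contributor + Trusted Access."""
from dataclasses import dataclass

BACKUP_CONTRIBUTOR = "Backup Contributor"
# Trusted Access role that AKS Backup binds for the vault (assumption: taken from Azure docs).
BACKUP_TA_ROLE = "Microsoft.DataProtection/backupVaults/backup-operator"

@dataclass(frozen=True)
class RoleAssignment:          # simplified shape of `az role assignment list` rows (assumption)
    principal: str
    role: str
    scope: str                 # ARM resource id the assignment applies to

@dataclass(frozen=True)
class TrustedAccessBinding:    # simplified shape of `az aks trustedaccess rolebinding list` (assumption)
    cluster_id: str
    source_resource_id: str    # the backup vault granted access into the cluster
    roles: tuple

def principals_with_role(assignments, role, resource_id):
    """Principals holding `role` on `resource_id`, including assignments inherited from a
    parent scope (subscription or resource group). Scope must match on a '/' boundary so
    'rg-backup' does not also cover 'rg-backup2'."""
    rid = resource_id.lower()
    return sorted({a.principal for a in assignments
                   if a.role == role
                   and (rid == a.scope.lower() or rid.startswith(a.scope.lower() + "/"))})

def audit_trusted_access(assignments, bindings):
    """For each cluster that trusts a vault with the backup role, list who holds
    Backup Contributor on that vault; these are the accounts to review or scope down."""
    findings = []
    for b in bindings:
        if BACKUP_TA_ROLE not in b.roles:
            continue
        exposed = principals_with_role(assignments, BACKUP_CONTRIBUTOR, b.source_resource_id)
        findings.append({"cluster": b.cluster_id, "vault": b.source_resource_id,
                         "backup_contributors": exposed})
    return findings

# Constructed sample data: one vault trusted by one cluster, assignments at several scopes.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
VAULT = SUB + "/resourceGroups/rg-backup/providers/Microsoft.DataProtection/backupVaults/vault-a"
CLUSTER = SUB + "/resourceGroups/rg-aks/providers/Microsoft.ContainerService/managedClusters/aks-prod"
SAMPLE_ASSIGNMENTS = [
    RoleAssignment("alice@example.com", BACKUP_CONTRIBUTOR, VAULT),                      # direct
    RoleAssignment("backup-ops-group", BACKUP_CONTRIBUTOR, SUB + "/resourceGroups/rg-backup"),  # inherited
    RoleAssignment("bob@example.com", "Reader", VAULT),                                  # wrong role
    RoleAssignment("carol@example.com", BACKUP_CONTRIBUTOR, SUB + "/resourceGroups/rg-other"),  # other RG
]
SAMPLE_BINDINGS = [TrustedAccessBinding(CLUSTER, VAULT, (BACKUP_TA_ROLE,))]

if __name__ == "__main__":
    for finding in audit_trusted_access(SAMPLE_ASSIGNMENTS, SAMPLE_BINDINGS):
        print(finding)
```

Feeding it real output means mapping the CLI's JSON fields onto the two dataclasses; the scope-inheritance check is the part worth keeping, since a subscription-level Backup Contributor grant covers every vault beneath it.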

This situation creates a visibility problem for defenders. Without a CVE or advisory, security teams cannot track the exposure window or remediation timeline. “Organizations that granted Backup Contributor between an unknown start date and May 2026 were exposed to privilege escalation,” O’Leary wrote. “Without a CVE, security teams cannot track this exposure. Silent patching protects vendors, not customers.”

The case highlights a structural issue in vulnerability disclosure. Disputes between researchers and vendors over severity and exploitability are increasingly common. With bug bounty programs overwhelmed by AI-assisted reports, legitimate findings can be dismissed or ignored. Without a framework that realigns incentives for all parties, responsible disclosure risks becoming a bureaucratic exercise that leaves organizations exposed in the dark.

(Source: BleepingComputer)
