CVE-2026-21528
Azure IoT Explorer Information Disclosure Vulnerability
In short
Azure IoT Explorer binds to all network addresses without restriction, allowing anyone on the network to access sensitive information. This can expose details about IoT devices and configurations that should remain private.
Technical detail
The application binds to an unrestricted IP address (0.0.0.0 or ::), permitting unauthenticated remote attackers to access exposed endpoints and retrieve sensitive information over the network. No authentication is required when the service is reachable over the network, which increases the attack surface in shared network environments.
Summary generated and translated by AI from the official description.
Binding to an unrestricted IP address in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
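A defender-side check for the condition described under Technical detail, added here as an example (it is not code from Microsoft or Azure IoT Explorer): it parses `ss -ltn` output and separates listeners bound to a wildcard address (0.0.0.0, :: or `*`) from loopback-only ones. The sample output, addresses and ports are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of `ss -ltn` output; addresses and ports are invented.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q       Local Address:Port  Peer Address:Port
LISTEN 0      511                0.0.0.0:8081       0.0.0.0:*
LISTEN 0      511              127.0.0.1:9229       0.0.0.0:*
LISTEN 0      128                   [::]:8081          [::]:*
LISTEN 0      128                  [::1]:631           [::]:*
LISTEN 0      4096                     *:3000             *:*
LISTEN 0      128           192.168.1.20:8443       0.0.0.0:*
LISTEN 0      128    [::ffff:127.0.0.1]:5000             *:*
"""

def split_host_port(local):
    """Split ss's 'host:port' column, handling [v6] brackets and %scope."""
    host, _, port = local.rpartition(":")
    return host.split("%", 1)[0].strip("[]"), int(port)

def classify(host):
    """Return 'wildcard', 'loopback' or 'specific' for a bind address."""
    if host == "*":  # ss prints '*' for a dual-stack wildcard socket
        return "wildcard"
    addr = ipaddress.ip_address(host)
    mapped = getattr(addr, "ipv4_mapped", None)  # ::ffff:a.b.c.d -> a.b.c.d
    if mapped is not None:
        addr = mapped
    if addr.is_unspecified:  # 0.0.0.0 or ::
        return "wildcard"
    return "loopback" if addr.is_loopback else "specific"

def find_listeners(ss_output):
    """Return (host, port, kind) for every LISTEN row; header is skipped."""
    rows = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[0] == "LISTEN":
            host, port = split_host_port(fields[3])
            rows.append((host, port, classify(host)))
    return rows

def wildcard_ports(ss_output):
    """Ports listening on every interface, the bind the advisory describes."""
    return sorted({p for _, p, kind in find_listeners(ss_output) if kind == "wildcard"})

if __name__ == "__main__":
    for host, port, kind in find_listeners(SAMPLE_SS_OUTPUT):
        print(f"{kind:9} {host}:{port}")
    print("wildcard-bound ports:", wildcard_ports(SAMPLE_SS_OUTPUT))
```

A listener classified as `specific` is still reachable from the network that address sits on; only `loopback` rows are limited to the local machine.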
Affected products
Microsoft · Azure IoT Explorer