Microsoft Rejects Azure Backup AKS Vulnerability Report, Blocks CVE
Security researcher Justin O'Leary has disclosed a critical vulnerability in Microsoft Azure Backup for Azure Kubernetes Service (AKS) that allowed privilege escalation from a low-privileged "Backup Contributor" role to full cluster-admin access. The flaw, discovered in March 2026 and reported to Microsoft on March 17, exploited the Trusted Access feature used by Azure Backup to grant backup extensions administrative privileges inside Kubernetes clusters. O'Leary classified the issue as a Confused Deputy vulnerability (CWE-441), where the service could be tricked into granting unauthorized access without requiring any pre-existing cluster permissions.
Microsoft rejected the report on April 13, 2026, claiming the attack required pre-existing administrator access on the cluster. However, O'Leary disputes this characterization, stating the vulnerability allowed users with zero Kubernetes permissions to gain cluster-admin privileges. The researcher further alleges Microsoft described the submission to MITRE as "AI-generated content" without addressing the technical merits. After the rejection, O'Leary escalated the issue to the CERT Coordination Center, which independently validated the vulnerability on April 16 and assigned it tracking identifier VU#284781. CERT/CC had initially scheduled public disclosure for June 1, 2026.
Despite CERT/CC's validation, Microsoft contacted MITRE on May 4 recommending against CVE assignment, again arguing the issue required pre-existing administrative access. CERT/CC subsequently closed the case under CNA (CVE Numbering Authority) hierarchy rules, effectively leaving Microsoft with final authority over CVE issuance for its own products. The attack vector involved enabling backup on a target AKS cluster, which caused Azure to automatically configure Trusted Access with cluster-admin privileges. From there, an attacker could extract secrets through backup operations or restore malicious workloads into the cluster. Organizations using Azure services should regularly audit their configurations using tools like our privacy checkup to ensure proper access controls.
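Because the described path turns a Trusted Access role binding into cluster-admin inside the cluster, the defensive check is to inventory those bindings and flag any whose source vault is not one the organization deliberately created. The script below is an added example, not from the article or from Microsoft; it assumes the JSON shape of `az aks trustedaccess rolebinding list` (fields `name`, `roles`, `sourceResourceId`) and uses a constructed sample instead of a live cluster.

```python
import json

# Constructed sample of what `az aks trustedaccess rolebinding list` is assumed
# to return (field names are an assumption, not taken from the article).
# One binding points at the vault the team actually provisioned; the other
# points at a vault nobody on the team recognises.
SAMPLE_BINDINGS = json.loads("""
[
  {"name": "backup-vault-binding",
   "roles": ["Microsoft.DataProtection/backupVaults/backup-operator"],
   "sourceResourceId": "/subscriptions/SUB-ID/resourceGroups/rg-prod/providers/Microsoft.DataProtection/backupVaults/vault-prod"},
  {"name": "unexpected-binding",
   "roles": ["Microsoft.DataProtection/backupVaults/backup-operator"],
   "sourceResourceId": "/subscriptions/SUB-ID/resourceGroups/rg-unknown/providers/Microsoft.DataProtection/backupVaults/vault-x"}
]
""")

# Vaults the organisation knowingly attached to this cluster (constructed).
APPROVED_SOURCES = {
    "/subscriptions/SUB-ID/resourceGroups/rg-prod/providers/Microsoft.DataProtection/backupVaults/vault-prod",
}


def audit_trusted_access(bindings, approved_sources):
    """Return every Trusted Access binding whose source resource is not approved.

    Azure resource IDs are case-insensitive, so compare them lower-cased.
    Each finding carries the roles granted so the reviewer can see that the
    binding is backup-grade (and therefore cluster-admin-grade per the report).
    """
    approved = {s.lower() for s in approved_sources}
    findings = []
    for binding in bindings:
        source = binding.get("sourceResourceId", "")
        if source.lower() not in approved:
            findings.append({
                "name": binding.get("name"),
                "source": source,
                "roles": list(binding.get("roles", [])),
            })
    return findings


if __name__ == "__main__":
    for finding in audit_trusted_access(SAMPLE_BINDINGS, APPROVED_SOURCES):
        print(f"UNAPPROVED trusted access: {finding['name']} <- {finding['source']}")
```

Run it against the real CLI output by piping `az aks trustedaccess rolebinding list` into `json.load` in place of the sample; any finding is a binding to investigate and, if unwanted, delete.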
O'Leary documented new permission checks and failed exploit attempts after disclosure, which he argues indicates a silent patch was applied. Microsoft maintains "no product changes were made," though the conflicting evidence suggests otherwise. This case highlights ongoing concerns about conflict of interest when vendors self-certify vulnerabilities in their own platforms. Organizations concerned about exposure can verify if their emails have been compromised using our email breach checker, while security teams may benefit from our port scanner to audit exposed cloud services.