CVE-2024-49056 — Airlift.microsoft.com Elevation of Privilege Vulnerability

Executive Summary

Authentication bypass by assumed-immutable data on airlift.microsoft.com allows an authorized attacker to elevate privileges over a network.

Overview

7.3

CVSS HIGH

Critical

MS Severity

Not Exploited

MS Exploit Status

N/A

MS Exploit Likelihood

Category Elevation of Privilege

Released Nov 12 2024

Last Updated Nov 12 2024

Publicly Disclosed No

CISA KEV Not Listed

Known Exploits None Known

EPSS Score 0.01039 — 0.59494 percentile

CVSS Vector

ATTACK VECTOR

Network

ATTACK COMPLEXITY

Low

PRIVILEGES REQUIRED

Low

USER INTERACTION

Required

SCOPE

Unchanged

Temporal Score: 6.4

EPSS Score

0.01039

probability of exploitation in the next 30 days

0.59494 percentile - updated 2026-06-20

View on FIRST.org

Affected Products

1 affected product

Product	KB Article	Severity	Impact	Restart Required
airlift.microsoft.com	`—`	Critical	Elevation of Privilege	Unknown

Patches

1 patch

Article	Type	Restart
`—`		Unknown

Known Exploits

No known exploits have been linked for this CVE yet. When available, exploit references will be sourced from public repositories and may be unverified, incomplete, or non-functional. Always review code carefully before use in any environment.

Acknowledgments

Cameron Vincent with Microsoft

References

MSRC Advisory MITRE NVD