Authentication

Vulnerabilities 2026-04-06
CVE-2026-32211: Azure MCP Server Ships with No Auth — Your DevOps Secrets Are One Request Away
Critical CVSS 9.1 flaw in Azure MCP Server has zero authentication on critical functions, exposing API keys, tokens, repos, and pipeline configs to unauthenticated attackers. No patch available.
azure mcp devops authentication microsoft cicd

CVE-2026-32211: Azure MCP Server Ships with No Auth — Your DevOps Secrets Are One Request Away