Microsoft @azure-devops/mcp Missing Authentication (CVE-2026-32211): CVSS 9.1 Critical, Disclosed April 3, 2026
Date: 2026-04-17
Tags: malicious-tool, supply-chain
Executive Summary
CVE-2026-32211 is a missing authentication vulnerability in Microsoft @azure-devops/mcp with CVSS 9.1, disclosed April 3, 2026. This critical vulnerability affects Microsoft's Model Context Protocol (MCP) implementation for Azure DevOps, potentially allowing unauthenticated attackers to interact with AI agents connected to DevOps infrastructure.
Campaign Summary
| Field | Detail |
|---|---|
| Campaign / Malware | Azure DevOps MCP Authentication Bypass |
| Attribution | Unknown (confidence: none) |
| Target | Organizations using Microsoft @azure-devops/mcp with AI agents; Azure DevOps repositories and workflows |
| Vector | Missing authentication checks in Azure DevOps MCP server allowing unauthenticated requests |
| Status | active |
| First Observed | 2026-04-03 |
Detailed Findings
CVE-2026-32211 is a missing authentication vulnerability in Microsoft @azure-devops/mcp with CVSS 9.1, disclosed April 3, 2026. The vulnerability allows attackers to bypass authentication controls on Azure DevOps MCP services, potentially enabling unauthorized access to DevOps pipelines, repositories, and workflows when the MCP server is integrated with AI agents. This represents an expansion of the MCP attack surface in enterprise AI deployments.
MITRE ATT&CK Mapping
| Technique | ID | Context |
|---|---|---|
| Bypass Authentication Controls | T1556 | Missing authentication in MCP endpoint allows unauthorized access |
| Remote Code Execution via Agents | T1190 | Unauthenticated access to DevOps MCP enables code execution through compromised CI/CD |
| Supply Chain Compromise | T1195 | DevOps pipeline compromise via an unauthenticated MCP server can inject malicious code into the software supply chain |
IOCs
Domains
devops.microsoft.com (potentially affected endpoints)
Full URL Paths
_Specific vulnerable versions not detailed in available source material; vendor advisory recommended_
Splunk Format
"devops.microsoft.com (potentially affected endpoints)"
Package Indicators
@azure-devops/mcp (version info not specified in advisory)
Detection Recommendations
- Review and enforce authentication policies on all MCP endpoints in Azure DevOps.
- Audit MCP server configurations for missing authentication controls.
- Monitor for unauthenticated requests to @azure-devops/mcp endpoints.
- Implement IP allowlisting and API authentication tokens for MCP communications.
- Review CI/CD pipeline logs for unauthorized MCP interactions.
- Apply Microsoft security patches and updates for Azure DevOps MCP when available.
References
- [CyberDesserts Blog] AI Agent Security Risks 2026: MCP, OpenClaw & Supply Chain (2026-04-11) — https://blog.cyberdesserts.com/ai-agent-security-risks/