Azure Databricks SSRF (CVE-2026-33107)
Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network....
Overview
A critical Server-Side Request Forgery (SSRF) vulnerability, tracked as CVE-2026-33107, has been identified in Azure Databricks. With a maximum CVSS score of 10.0, this flaw allows a remote, unauthenticated attacker to send unauthorized requests from the vulnerable Databricks server to internal systems, leading to privilege escalation.
Vulnerability Details
In simple terms, SSRF tricks a server into making requests to locations it should not access. In this case, the Azure Databricks platform incorrectly validates user-supplied URLs. An attacker can exploit this by crafting a malicious request that forces the Databricks backend to connect to internal services within the cloud environment, such as metadata endpoints or other management APIs. The attack requires no privileges or user interaction and is easily executed over the network.
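The validation failure described above is the generic SSRF pattern: a server-side fetch of a user-supplied URL without checking where that URL actually leads. The Python below is an added illustrative example, not Azure Databricks code and not derived from Microsoft's patch. It assumes a hypothetical service function that fetches a user-supplied URL on the server's behalf and shows the gate a defender would put in front of that fetch: allow only http/https, refuse embedded credentials, resolve the host, and reject any address in loopback, link-local (which covers the 169.254.169.254 metadata endpoint), private or reserved space, including IPv4-mapped IPv6 spellings. The resolver is injectable so the example runs offline.

```python
"""Added illustrative example: an SSRF-safe gate for server-side URL fetches.

This is not Azure Databricks code. It assumes a hypothetical service function
that fetches a user-supplied URL on the server's behalf and shows the check
that should run before any such fetch.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def default_resolver(host):
    """Resolve a hostname to every address it maps to (A and AAAA records)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def is_disallowed_address(addr):
    """True for any address a server-side fetch must never reach."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:169.254.169.254) so the IPv4 policy applies.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (
        ip.is_private         # RFC 1918 and other non-routable ranges
        or ip.is_loopback     # 127.0.0.0/8, ::1
        or ip.is_link_local   # 169.254.0.0/16 (cloud metadata), fe80::/10
        or ip.is_multicast
        or ip.is_reserved
        or ip.is_unspecified  # 0.0.0.0, ::
    )


def validate_outbound_url(url, resolver=default_resolver):
    """Return (ok, reason, pinned_ip) for a user-supplied URL.

    The caller must connect to pinned_ip (sending the original Host header)
    rather than resolving the name again; otherwise a DNS rebinding between
    check and use would bypass the check. Every redirect target must be
    passed through this function again before it is followed.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}", None
    host = parts.hostname
    if not host:
        return False, "missing host", None
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL are not allowed", None
    try:
        # A literal IP needs no DNS but still goes through the address policy.
        addrs = [str(ipaddress.ip_address(host))]
    except ValueError:
        try:
            # Names (including decimal/hex IP spellings the OS resolver accepts)
            # are resolved, so the policy is applied to what the fetch would
            # actually connect to, not to the string the user typed.
            addrs = resolver(host)
        except OSError as exc:
            return False, f"DNS resolution failed: {exc}", None
    if not addrs:
        return False, "host resolved to no addresses", None
    for addr in addrs:
        if is_disallowed_address(addr):
            return False, f"host resolves to disallowed address {addr}", None
    return True, "ok", addrs[0]


if __name__ == "__main__":
    for candidate in (
        "http://169.254.169.254/metadata/instance",
        "http://[::ffff:169.254.169.254]/",
        "file:///etc/passwd",
    ):
        print(candidate, "->", validate_outbound_url(candidate))
```

Two design points matter more than the list of blocked ranges. First, the check is applied to the resolved addresses, and the first vetted address is returned so the fetch can connect to it directly; checking the hostname string alone is defeated by DNS rebinding or by alternate IP spellings. Second, a denylist of ranges is the minimum; where the set of legitimate destinations is known, an allowlist of hosts is stronger and simpler to reason about.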
Impact
The primary risk is privilege escalation within the Azure tenant. By abusing the Databricks server's trusted network position, an attacker could read sensitive metadata, interact with other Azure services, and potentially gain administrative control over resources. This could lead to full compromise of the Databricks workspace, data exfiltration, and lateral movement to other corporate assets hosted in Azure.
Remediation and Mitigation
The only complete remediation is to apply the official security patch provided by Microsoft for Azure Databricks immediately. Administrators should verify their workspace is running the latest, patched version.
If patching cannot be performed instantly, consider these temporary mitigations while you schedule the update:
- Restrict outbound network traffic from the Databricks clusters and control plane to only essential external services, blocking access to internal metadata services (like 169.254.169.254).
- Review and tighten Identity and Access Management (IAM) roles and permissions for the Databricks service principal in Azure to adhere to the principle of least privilege.
- Closely monitor network logs for unexpected outbound connections from Databricks resources.
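For the monitoring step, the Python below is an added example, not Microsoft's or Databricks' tooling. It scans a constructed, simplified flow-log CSV for outbound flows from Databricks subnets that reach the metadata endpoint, an unapproved internal address, or an unapproved public destination. The Databricks subnet, the approved egress ranges, the CSV column layout and the sample rows are all assumptions; adapt the parsing in find_suspicious_egress() to the NSG flow log or firewall export you actually have.

```python
"""Added illustrative example: flag unexpected egress from Databricks subnets.

Not the vendor's tooling. It assumes a simplified, constructed CSV export
(time,src_ip,dst_ip,dst_port,direction,action); adapt find_suspicious_egress()
to the NSG flow log or firewall export you actually have.
"""
import csv
import io
import ipaddress
from collections import Counter

IMDS = ipaddress.ip_address("169.254.169.254")

# Constructed values: the subnets your Databricks clusters are deployed into
# and the egress you have explicitly approved, keyed by destination port.
DATABRICKS_SUBNETS = [ipaddress.ip_network("10.20.0.0/22")]
APPROVED_EGRESS = {
    443: [ipaddress.ip_network("40.79.0.0/16")],  # constructed approved range
}

# Constructed sample export; no real traffic.
SAMPLE_FLOWS = """time,src_ip,dst_ip,dst_port,direction,action
2026-04-01T10:00:01Z,10.20.1.15,169.254.169.254,80,out,allow
2026-04-01T10:00:05Z,10.20.1.15,40.79.10.10,443,out,allow
2026-04-01T10:00:09Z,10.20.2.7,10.50.0.4,22,out,allow
2026-04-01T10:00:12Z,10.20.2.7,93.184.216.34,443,out,allow
2026-04-01T10:00:15Z,10.20.1.15,10.20.3.3,8443,out,allow
2026-04-01T10:00:20Z,192.168.5.5,169.254.169.254,80,out,allow
"""


def in_any(ip, networks):
    """True if ip falls inside any of the given networks."""
    return any(ip in net for net in networks)


def classify_flow(src, dst, port):
    """Return a finding label for one outbound flow, or None if it is expected."""
    if not in_any(src, DATABRICKS_SUBNETS):
        return None  # not a Databricks source; out of scope for this check
    if dst == IMDS:
        return "metadata endpoint reached"  # the credential-exposure path
    if in_any(dst, DATABRICKS_SUBNETS):
        return None  # intra-workspace traffic
    if dst.is_private or dst.is_link_local or dst.is_loopback:
        return "unexpected internal destination"
    if not in_any(dst, APPROVED_EGRESS.get(port, [])):
        return "unexpected external destination"
    return None


def find_suspicious_egress(csv_text):
    """Parse the constructed CSV format and return one dict per suspicious flow."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["direction"] != "out":
            continue
        src = ipaddress.ip_address(row["src_ip"])
        dst = ipaddress.ip_address(row["dst_ip"])
        port = int(row["dst_port"])
        label = classify_flow(src, dst, port)
        if label:
            findings.append({
                "time": row["time"], "src": str(src), "dst": str(dst),
                "port": port, "action": row["action"], "reason": label,
            })
    return findings


def summarize(findings):
    """Count findings by reason, for a quick triage view."""
    return Counter(f["reason"] for f in findings)


if __name__ == "__main__":
    results = find_suspicious_egress(SAMPLE_FLOWS)
    for finding in results:
        print(finding)
    print(dict(summarize(results)))
```

Two caveats for real deployments. Traffic to the metadata address is answered by the host platform and may not appear in network-level flow logs at all, so host-level or proxy logs are the more reliable source for that specific signal. Also, legitimate platform functions such as managed identity token acquisition use the same address, so a rule that blocks or alerts on it needs a baseline of expected callers before it is enforced.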
Security Insight
This vulnerability highlights the persistent risk of SSRF in complex, integrated cloud platforms where a single service can hold keys to the broader kingdom. It echoes past incidents in other cloud services where SSRF led to massive credential leakage from instance metadata. The maximum CVSS score underscores how cloud providers’ shared responsibility models can be upended when a platform service itself becomes a vector for tenant boundary violation.