Azure DevOps security vulnerabilities in critical components

9/10 Critical

Azure DevOps discovered multiple critical vulnerabilities including SSRF and CRLF injection flaws in endpointproxy and Service Hooks components, allowing DNS rebinding attacks and unauthorized access to internal services with risks of data leakage and token theft.

Azure DevOpsService Hooks
Category
security
Workaround
solid
Stage
deploy
Freshness
emerging
Scope
framework
Upstream
open
Recurring
No
Buyer Type
enterprise
Maintainer
active

Sources

Collection History

Query: “What are the most common pain points with Azure for developers in 2025?4/7/2026

the discovery of multiple critical vulnerabilities, including SSRF and CRLF injection flaws within the endpointproxy and Service Hooks components. These vulnerabilities could be exploited to carry out DNS rebinding attacks and allow unauthorized access to internal services.

Created: 4/7/2026Updated: 4/7/2026