Microsoft disclosed a CVSS 10.0 critical elevation of privilege vulnerability in Azure Local’s Disconnected Operations (ALDO) component as part of the May 2026 Patch Tuesday cycle. The maximum CVSS score indicates unauthenticated, remotely exploitable potential with full system compromise impact. Organizations running Azure Local in edge, OT-adjacent, or air-gapped configurations carry the highest exposure and should treat patching as an emergency action.