55 matches found
CVE-2026-41615
Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network...
CVE-2026-41615
Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network...
CVE-2026-41615 Microsoft Authenticator Information Disclosure Vulnerability
...
EUVD-2026-30342
Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network...
CVE-2026-41615 Microsoft Authenticator Information Disclosure Vulnerability
...
CVE-2026-41615
CVE-2026-41615 affects Microsoft Authenticator. The available documents identify an information disclosure vulnerability that could allow an unauthorized network actor to exfiltrate sensitive data from the Microsoft Authenticator component. The CVSS 3.1 score is 9.6 (CRITICAL) with Network attack...
CVE-2026-41615
Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network...
Microsoft Authenticator Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network...
Microsoft Authenticator 信息泄露漏洞
Microsoft Authenticator is an application for multi-factor authentication developed by Microsoft Corporation in the United States. There is an information leakage vulnerability in Microsoft Authenticator. This vulnerability stems from the exposure of sensitive information to unauthorized...
PT-2026-40974
Name of the Vulnerable Software and Affected Versions Microsoft Authenticator affected versions not specified Description Exposure of sensitive information in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network. Recommendations At the moment, there is no...
KLA91047 OSI vulnerability in Microsoft Apps
An information disclosure vulnerability was found in Microsoft Apps. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2026-41615 Exploitation Related products Microsoft-Authenticator-for-Android Microsoft-Authenticator-for-IOS CVE list...
CVE-2026-26123
Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally...
Meet Khaled Mohamed: the bug hunter who found a Microsoft flaw
It’s only on rare occasions that anyone pays attention to the acknowledgment section of a vulnerability disclosure. But for the person who found the bug, it's often the conclusion of hours of work, trial and error, searching for recognition, and finally seeing the vulnerability get patched. Bug...
Microsoft Authenticator could leak login codes—update your app now
A vulnerability in Microsoft Authenticator for both iOS and Android CVE-2026-26123 could leak your one-time sign-in codes or authentication deep links to a malicious app on the same device. Deep links are predefined URIs Uniform Resource Identifiers that allow direct access to an activity in a we...
EUVD-2026-10797
Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally...
CVE-2026-26123
Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally...
CVE-2026-26123
Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally...
CVE-2026-26123 Microsoft Authenticator Information Disclosure Vulnerability
...
CVE-2026-26123
Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally...
CVE-2026-26123
Summary: CVE-2026-26123 affects Microsoft Authenticator for iOS and Android. A malicious app on the same device could intercept sign-in flows by hijacking deep links/QR-based sign-ins, potentially exposing one-time codes and allowing account takeover, bypassing MFA protections. The vulnerability ...