9 matches found
CVE-2026-35431
CVE-2026-35431 covers a spoofing vulnerability in Microsoft Entra ID Entitlement Management. The entry indicates a remote, network-exploitable flaw with no user interaction, causing high impact to confidentiality, integrity, and availability (S:C, C:H, I:H, A:H). Exploit code maturity is UNPROVEN...
CVE-2024-43477
CVE-2024-43477 concerns an improper access control flaw in Decentralized Identity Services within Microsoft Entra ID. The vulnerability allows an unauthenticated attacker to disable Verifiable IDs on a different tenant, effectively an elevation of privilege scenario for the affected identity serv...
CVE-2026-33843
CVE-2026-33843 affects Microsoft Azure Active Directory B2C. A authentication bypass via an alternate path or channel could allow an unauthorized attacker to elevate privileges over a network. The CVSSv3.1 base score is 9.1 (CRITICAL) with high impact on confidentiality and integrity, and no user...
CVE-2025-55241
PT-2025-36098 confirms CVE-2025-55241 affects Microsoft Entra ID (formerly Azure Active Directory) and describes the root cause as improper validation of tenant context during token authentication, enabling potential elevation of privileges via actor tokens. The advisory states a critical, networ...
CVE-2026-42901
CVE-2026-42901 affects Microsoft Entra ID. AOrigin validation error allows an unauthenticated attacker to elevate privileges over a network. Metrics indicate a CRITICAL impact (CVSSv3.1: 10.0, AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) with network-based access, no user interaction, and a changed scope...
CVE-2025-59246
Concrete details found: CVE-2025-59246 affects Microsoft Entra ID via an internal authentication-bypass in the Entra ID Graph API extension role-synchronization path, enabling remote elevation of privileges (no credentials required). Exploitation described in a GitHub exploit repo confirms unauth...
CVE-2026-40379
CVE-2026-40379 is a Microsoft ESTS (Enterprise Security Token Service) spoofing vulnerability impacting Azure services. The connected sources confirm exposure of sensitive information to an unauthorized actor in Azure Entra ID and describe exploitation as network-based spoofing. The CVSS 3.1 scor...
CVE-2025-59218
CVE-2025-59218 affects Microsoft Azure Entra ID. The connected sources identify an Elevation of Privilege vulnerability in Azure Entra ID with a CVSS v3.1 base score of 9.6 (Network attack vector, Low attack complexity, No privileges required, User interaction required; Confidentiality/Integrity ...
CVE-2026-24305
CVE-2026-24305 maps to an Elevation of Privilege vulnerability in Azure Entra ID. Public disclosures in the connected sources indicate a high-impact issue with critical scores (NVD 9.8 overall; MS description 9.3) and a network/vector with no user interaction required. The exact vulnerable compon...