Entra Id

entra_id

Vendor: Microsoft • 9 CVEs

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-42901 1Microsoft 1Entra Id May 27, 2026 May 22, 2026 N/A· v4 10.0 CRITICAL· v3 N/A· v2 Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-33843 1Microsoft 1Entra Id May 27, 2026 May 22, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-40379 1Microsoft 1Entra Id May 21, 2026 May 12, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-35431 1Microsoft 1Entra Id Apr 28, 2026 Apr 23, 2026 N/A· v4 10.0 CRITICAL· v3 N/A· v2 Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-24305 1Microsoft 1Entra Id Feb 3, 2026 Jan 22, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Azure Entra ID Elevation of Privilege Vulnerability
CVE-2025-59246 1Microsoft 1Entra Id Oct 16, 2025 Oct 9, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Azure Entra ID Elevation of Privilege Vulnerability
CVE-2025-59218 1Microsoft 1Entra Id Oct 16, 2025 Oct 9, 2025 N/A· v4 9.6 CRITICAL· v3 N/A· v2 Azure Entra ID Elevation of Privilege Vulnerability
CVE-2025-55241 1Microsoft 1Entra Id Sep 24, 2025 Sep 4, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Azure Entra ID Elevation of Privilege Vulnerability
CVE-2024-43477 1Microsoft 1Entra Id Jan 29, 2025 Aug 23, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant.