CVE-2026-41103
published 2026-05-12CVE-2026-41103: Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a…
PriorityP270critical9.1CVSS 3.1
AVNACLPRNUINSUCHIHAN
EPSS
5.38%
91.7th percentile
Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | confluence_saml_sso | < 7.4.0 | 7.4.0 |
| microsoft | jira_saml_sso | < 1.3.3 | 1.3.3 |
| microsoft | microsoft_confluence_saml_sso_plugin | >= 1.0.0 < 7.4.0 | 7.4.0 |
| microsoft | microsoft_jira_saml_sso_plugin | >= 1.0.0 < 1.3.3 | 1.3.3 |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2026-41103 involves forged credential presentation to bypass Entra ID authentication in the Microsoft SSO Plugin for Jira & Confluence — monitor for authentication events where credentials are accepted for existing users but originate from unexpected sources or fail normal Entra ID token validation flows. ↗
- ·The vulnerability is in the Microsoft SSO Plugin for Jira & Confluence specifically — scope of affected deployments is limited to those products using this plugin for Entra ID-based SSO. Patches should be applied to all affected plugin versions. ↗
- ·Microsoft assessed exploitation of CVE-2026-41103 as 'more likely', indicating defenders should prioritize patching and monitoring for this vulnerability. ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Microsoft Confluence SAML SSO Plugin/JIRA SAML SSO Plugin prior 1.3.3 incorrect implementation of authentication algorithm
vuldb·2026-05-12
CVE-2026-41103 [CRITICAL] Microsoft Confluence SAML SSO Plugin/JIRA SAML SSO Plugin prior 1.3.3 incorrect implementation of authentication algorithm
A vulnerability, which was classified as critical, was found in Microsoft Confluence SAML SSO Plugin and JIRA SAML SSO Plugin. This impacts an unknown function. Such manipulation leads to incorrect implementation of authentication algorithm.
This vulnerability is listed as CVE-2026-41103. The attack may be performed from remote. There is no available exploit.
You should upgrade the affected component.
GHSA
GHSA-w9j2-m5wx-fqq4: Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileg
ghsa_unreviewed·2026-05-12
CVE-2026-41103 [CRITICAL] CWE-303 GHSA-w9j2-m5wx-fqq4: Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileg
Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.
No detection rules found.
No public exploits indexed.
Rapid7
Patch Tuesday - May 2026
blogs_rapid7·2026-05-13·CVSS 10.0
CVE-2026-41089 [CRITICAL] Patch Tuesday - May 2026
Microsoft is publishing 137 vulnerabilities on May 2026 Patch Tuesday . Microsoft is not aware of exploitation in the wild or public disclosure for any of these vulnerabilities. So far this month, Microsoft has provided patches to address 133 browser vulnerabilities, which are not included in the Patch Tuesday count above.
## Windows Netlogon: critical RCE
Anyone responsible for securing a domain controller should prioritize remediation of CVE-2026-41089 , which is a critical stack-based buffer overflow in Windows Netlogon with a CVSS v3 base score of 9.8. Exploitation leads to execution in the context of the Netlogon service, so that’s SYSTEM privileges on the domain controller. For most pentesters, that’s the point at which the customer report more or less writes itself. No privileges
Hackernews
Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
blogs_hackernews·2026-05-13·CVSS 9.8
CVE-2025-54518 [CRITICAL] Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
Microsoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, although none of them have been listed as publicly known or under active attack.
Of the 138 flaws, 30 are rated Critical, 104 are rated Important, three are rated Moderate, and one is rated Low in severity. As many as 61 vulnerabilities are classified as privilege escalation bugs, followed by 32 remote code execution, 15 information disclosure, 14 spoofing, eight denial-of-service, six security feature bypass, and two tampering flaws.
The update li
Qualys
Microsoft and Adobe Patch Tuesday, May 2026 Security Update Review
blogs_qualys·2026-05-12
CVE-2026-40364 Microsoft and Adobe Patch Tuesday, May 2026 Security Update Review
## Table of Contents
Microsoft Patch Tuesday forMay2026
Adobe Patches for May 2026
Critical Severity Vulnerabilities Patched inMayPatch Tuesday Edition
Other Microsoft Vulnerability Highlights
Microsoft Release Summary
Qualys Monthly Webinar Series
May 2026’s Patch Tuesday arrives with Microsoft addressing a fresh set of vulnerabilities across its ecosystem, reinforcing the ongoing need for timely patching in an increasingly threat-heavy landscape. Here’s a quick breakdown of what you need to know.
## Microsoft Patch Tuesday for May 2026
This month’s release addresses 137 vulnerabilities, including 30 critical and 103 important-severity vulnerabilities.
In this month’s updates, Microsoft has not addressed any publicly disclosed zero-day vulnerability.
Microsoft has addressed 128
Krebs
Patch Tuesday, May 2026 Edition
blogs_krebs·2026-05-12·CVSS 9.8
CVE-2026-41089 [CRITICAL] Patch Tuesday, May 2026 Edition
Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers — including Apple , Google , Microsoft , Mozilla and Oracle — fixing near record volumes of security bugs, and/or quickening the tempo of their patch releases.
As it does on the second Tuesday of every month, Microsoft today released software updates to address at least 118 security vulnerabilities in its various Windows operating systems and other products. Remarkably, this is the first Patch Tuesday in nearly two years that Microsoft is not shipping any fixes to deal with emergency zero-day flaws
Tenable
Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103)
blogs_tenable·2026-05-12·CVSS 9.1
CVE-2026-41103 [CRITICAL] Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103)
## Exposure Management
## Explore By Use Case
## Explore By Industry
## Tenable is the one clear leader in Exposure Management
## Exposure management
resource center
## Accelerate your exposure management strategy with practical resources and tools.
## Explore By Use Case
## Explore By Industry
## Tenable is the one clear leader in Exposure Management
## Exposure management
resource center
## Accelerate your exposure management strategy with practical resources and tools.
## Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103)
16 Critical
102 Important
0 Moderate
0 Low
Microsoft addresses 118 CVEs in its May 2026 Patch Tuesday release, with no zero-days exploited in the wild or publicly disclosed for the first time since June 2024.
Microsoft p
Sans Isc
Microsoft May 2026 Patch Tuesday, (Tue, May 12th)
blogs_sans_isc·2026-05-12·CVSS 4.3
CVE-2026-41103 [MEDIUM] Microsoft May 2026 Patch Tuesday, (Tue, May 12th)
Microsoft May 2026 Patch Tuesday
Published: 2026-05-12. Last Updated: 2026-05-12 18:29:36 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)
Today's Microsoft patch Tuesday fixes 137 different vulnerabilities. In addition, the update addresses 137 Chromium-related issues affecting Microsoft Edge.
There are no already disclosed or already exploited vulnerabilities included in today's patches. I removed the Chromium issues from the table below and included only the 137 Microsoft issues to make it more readable.
Note that issues related to Microsoft Azure are labeled as "no customer action required.
Significant Vulnerabilities of interest:
CVE-2026-41103: This vulnerability affects the Microsoft SSO Plugin for Jira & Confluence. Exploitation could lead to an elevation of privileges. Wit
Crowdstrike
May 2026 Patch Tuesday: 30 Critical Vulnerabilities Among 130 CVEs
blogs_crowdstrike
CVE-2026-20929 May 2026 Patch Tuesday: 30 Critical Vulnerabilities Among 130 CVEs
Falcon AIDR Detects Threats at the Prompt Layer in Kubernetes AI Applications May 13, 2026
May 2026 Patch Tuesday: 30 Critical Vulnerabilities Among 130 CVEs May 12, 2026
Inside CrowdStrike Automated Leads: A Transformative Approach to Threat Detections May 11, 2026
CrowdStrike Named a Leader in the First-Ever Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies May 06, 2026
Falcon AIDR Detects Threats at the Prompt Layer in Kubernetes AI Applications May 13, 2026
May 2026 Patch Tuesday: 30 Critical Vulnerabilities Among 130 CVEs May 12, 2026
Inside CrowdStrike Automated Leads: A Transformative Approach to Threat Detections May 11, 2026
CrowdStrike Named a Leader in the First-Ever Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies May 06, 2026
Video Hi
2026-05-12
Published