CVE-2026-45480
published 2026-06-19CVE-2026-45480: Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network.
PriorityP274critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
EPSS
0.56%
42.4th percentile
Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | azure_active_directory | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Microsoft Azure Active Directory privilege escalation (EUVD-2026-38086)
vuldb·2026-06-20
CVE-2026-45480 [CRITICAL] Microsoft Azure Active Directory privilege escalation (EUVD-2026-38086)
A vulnerability was found in Microsoft Azure and classified as critical. This vulnerability affects unknown code of the component Active Directory Handler. Such manipulation leads to privilege escalation.
This vulnerability is referenced as CVE-2026-45480. The attack needs to be initiated within the local network. No exploit is available.
GHSA
Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network.
ghsa_unreviewed·2026-06-19
CVE-2026-45480 [CRITICAL] CWE-287 Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network.
Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-19
Published