cvebase

Microsoft Entra vulnerabilities

9 known vulnerabilities affecting microsoft/microsoft_entra.

Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 2

Vulnerabilities

CVE-2025-59246 | P2 | CRITICAL | CVSS 9.8 | v- | 2025-10-09
CWE-306: Azure Entra ID Elevation of Privilege Vulnerability
nvd

CVE-2026-33843 | P2 | CRITICAL | CVSS 9.8 | v- | 2026-05-22
CWE-288: Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network.
cvelistv5, nvd

CVE-2025-55241 | P2 | CRITICAL | CVSS 9.8 | v- | 2025-09-04
CWE-287: Azure Entra ID Elevation of Privilege Vulnerability
nvd

CVE-2026-24305 | P2 | CRITICAL | CVSS 9.8 | v- | 2026-01-22
CWE-285: Azure Entra ID Elevation of Privilege Vulnerability
nvd

CVE-2026-42901 | P3 | CRITICAL | CVSS 10.0 | v- | 2026-05-22
CWE-346: Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network.
cvelistv5, nvd

CVE-2026-35431 | P3 | CRITICAL | CVSS 10.0 | v- | 2026-04-23
CWE-918: Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.
nvd

CVE-2025-59218 | P3 | CRITICAL | CVSS 9.6 | v- | 2025-10-09
CWE-284: Azure Entra ID Elevation of Privilege Vulnerability
nvd

CVE-2026-40379 | P3 | HIGH | CVSS 7.5 | v- | 2026-05-12
CWE-200: Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.
nvd

CVE-2024-43477 | P3 | HIGH | CVSS 7.5 | vN/A | 2024-08-23
CWE-284: Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant.
nvd