What is the CVSS score of CVE-2026-24305?

CVE-2026-24305 has a CVSS 3.1 base score of 9.3 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N. EPSS exploitation probability: 0.1%.

Which versions of Azure are affected by CVE-2026-24305?

A critical elevation of privilege vulnerability in Azure Entra ID (CVSS 9.3) allows attackers to gain unauthorized administrative access to cloud identity infrastructure without authentication.. A patch is available.

How to fix or mitigate CVE-2026-24305?

Within 24 hours: Declare incident response status, isolate affected Entra ID tenants from production, and enable enhanced logging on all Entra ID authentication events. Within 7 days: Implement network segmentation to restrict Entra ID API access, conduct forensic audit for unauthorized administrative account creation or privilege escalation, and establish daily threat intelligence monitoring. Within 30 days: Deploy conditional access policies to restrict admin operations, enforce MFA on all privileged accounts, and prepare emergency migration plan to secondary identity provider if patch remains unavailable.

Azure CVE-2026-24305

CRITICAL

Improper Authorization (CWE-285)

2026-01-22 secure@microsoft.com

Azure Entra Id

9.3

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.3 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 22, 2026 - 23:15 nvd

CRITICAL 9.3

DescriptionCVE.org

Azure Entra ID Elevation of Privilege Vulnerability

AnalysisAI

Azure Entra ID (formerly Azure AD) has an elevation of privilege vulnerability allowing attackers to escalate permissions within the identity platform.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Send unauthenticated request to Entra ID endpoint

Exploit

Bypass authentication validation logic

Execution

Obtain elevated privileges

Impact

Access confidential resources across scope

Access

Send unauthenticated request to Entra ID endpoint

Exploit

Bypass authentication validation logic

Execution

Obtain elevated privileges

Impact

Access confidential resources across scope

Vulnerability AssessmentAI

Exploitation	No special conditions — remote unauthenticated exploitation against default Azure Entra ID configurations. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 9.3 — Azure Entra ID is the identity backbone for Azure cloud services. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker with a low-privileged Azure Entra ID account exploits the elevation of privilege to gain Global Administrator access, then controls all Azure subscriptions, Office 365 tenants, and connected applications.
Remediation	Microsoft has issued patches. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Declare incident response status, isolate affected Entra ID tenants from production, and enable enhanced logging on all Entra ID authentication events. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-24305 vulnerability details – vuln.today

Back

Azure CVE-2026-24305

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code