Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Unauthenticated network-reachable auth bypass in an identity provider yields PR:N/UI:N/AC:L; scope changes because compromised IdP impacts downstream relying parties with full CIA loss.
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network.
AnalysisAI
Privilege escalation in Microsoft Azure Active Directory allows unauthenticated remote attackers to bypass authentication controls and gain elevated access across tenant boundaries. With a maximum CVSS score of 10.0 and a scope-changing impact, successful exploitation could compromise identity, access, and resources federated through Azure AD. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | No special conditions - remote unauthenticated exploitation against default configurations of Azure Active Directory, per CVSS AV:N/AC:L/PR:N/UI:N. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H represents the worst-case profile: network-reachable, no authentication, no user interaction, low complexity, and a scope change with full CIA impact - hence the 10.0 score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated attacker on the public internet crafts a request to an Azure AD authentication endpoint that bypasses identity verification, obtaining a token or session that asserts a privileged identity (for example, a Global Administrator) in a target tenant. Because the CVSS scope is Changed, the attacker then pivots from the identity plane to downstream Microsoft 365 mailboxes, SharePoint, Azure subscriptions, and any SaaS application federated to that tenant. … |
| Remediation | Because Azure AD is a Microsoft-operated cloud service, the primary remediation path is server-side mitigation by Microsoft rather than a customer-installed patch; patch available per vendor advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45480, which customers should review to confirm whether tenant action (e.g., rotating refresh tokens, revoking sessions, updating libraries like MSAL/ADAL, or reconfiguring federation) is required. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Inventory all Azure AD environments and dependent services; enable enhanced monitoring for anomalous authentication patterns and cross-tenant access attempts. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Azure Active Directory
View allDenial of service in Microsoft Azure Active Directory (now Entra ID) allows a remote, unauthenticated attacker to disrup
Denial of service in Microsoft Azure Active Directory (Entra ID) allows a remote unauthenticated attacker to send networ
An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as
Microsoft Azure Active Directory B2C Spoofing Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is rem
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38086
GHSA-rfvj-frr3-5qvh