Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Network-reachable, low-complexity, unauthenticated deserialization with no user interaction (AV:N/AC:L/PR:N/UI:N); impact limited to availability so C:N/I:N/A:H, scope unchanged.
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
Deserialization of untrusted data in Azure Active Directory allows an unauthorized attacker to deny service over a network.
AnalysisAI
Denial of service in Microsoft Azure Active Directory (now Entra ID) allows a remote, unauthenticated attacker to disrupt service availability by sending crafted serialized data that triggers unsafe deserialization (CWE-502). The flaw carries a CVSS 7.5 (High) with a fully network-reachable, no-privilege, no-interaction vector, but impact is confined to availability - confidentiality and integrity are not affected. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | No special conditions - remote unauthenticated exploitation (AV:N/AC:L/PR:N/UI:N) against a network-reachable Azure Active Directory endpoint, requiring only the ability to send a crafted serialized request. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals are moderately consistent but point to a real, easily-triggered availability risk rather than a catastrophic compromise. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A remote, unauthenticated attacker sends a crafted serialized payload to a network-exposed Azure AD processing endpoint, triggering unsafe deserialization that exhausts resources or crashes the handling component and denies authentication/identity service to legitimate users and applications. No credentials, user interaction, or non-default configuration are required, making the request trivial to send. … |
| Remediation | Patch available per vendor advisory: Microsoft has released a fix, published at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50652 - review that advisory for the exact affected components and any customer action required, as much of the fix for a cloud identity service is applied by Microsoft platform-side and may need no direct action. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, assess organizational exposure to CVE-2026-50652, identify all Azure AD instances in use, and obtain the patch version from Microsoft Security Response Center (MSRC). …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Azure Active Directory
View allPrivilege escalation in Microsoft Azure Active Directory allows unauthenticated remote attackers to bypass authenticatio
Denial of service in Microsoft Azure Active Directory (Entra ID) allows a remote unauthenticated attacker to send networ
An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as
Microsoft Azure Active Directory B2C Spoofing Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is rem
Same weakness CWE-502 – Deserialization of Untrusted Data
View allSame technique Deserialization
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43781
GHSA-79fq-78m6-5rrm