Microsoft EUVD-2026-25312

| CVE-2026-35431 CRITICAL
Server-Side Request Forgery (SSRF) (CWE-918)
2026-04-23 microsoft GHSA-7r3r-j3vr-c4w6
Microsoft SSRF
10.0
CVSS 3.1
Temporal: 8.7
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

DescriptionNVD

Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.

Analysis

Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

More from same product – last 7 days

CVE-2026-33453 CRITICAL
10.0 Apr 27

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap

CVE-2026-33819 CRITICAL
10.0 Apr 23

Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.
CVE-2026-21515 CRITICAL
9.9 Apr 24

Privilege escalation in Azure IoT Central enables authenticated attackers to gain unauthorized access to sensitive infor
CVE-2026-40453 CRITICAL
9.9 Apr 27

The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such a
CVE-2026-7343 CRITICAL
9.8 Apr 28

Use after free in Views in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromise

Share

EUVD-2026-25312 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy