Skip to main content

Microsoft Entra EUVDEUVD-2026-41442

| CVE-2026-57100 HIGH
Server-Side Request Forgery (SSRF) (CWE-918)
2026-07-02 microsoft GHSA-29v8-q543-pf5w
8.8
CVSS 3.1 · NVD
Temporal: 8.6
Share

Severity by source

Vendor (microsoft) PRIMARY
CRITICAL
qualitative
NVD
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ENISA EUVD
HIGH
qualitative
CIRCL (temporal)
8.6 HIGH
cvss
vuln.today AI
8.8 HIGH

Network-reachable SSRF requiring a low-privileged authenticated identity (PR:L), no user interaction, with total impact per SSVC on the identity fabric yields C:H/I:H/A:H.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (microsoft).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

7
Analysis Updated
Jul 08, 2026 - 18:43 vuln.today
v3 (cvss_changed)
Analysis Updated
Jul 08, 2026 - 18:42 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 08, 2026 - 18:37 vuln.today
cvss_changed
Severity Changed
Jul 08, 2026 - 18:37 NVD
CRITICAL HIGH
CVSS changed
Jul 08, 2026 - 18:37 NVD
9.9 (CRITICAL) 8.8 (HIGH)
Analysis Generated
Jul 02, 2026 - 22:50 vuln.today
CVE Published
Jul 02, 2026 - 22:18 cve.org
CRITICAL 9.9

DescriptionNVD

Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.

AnalysisAI

Privilege escalation via server-side request forgery affects the Microsoft Entra Provisioning Service (SyncFabric), where an authenticated attacker with low privileges can coerce the service into making attacker-controlled network requests to reach internal endpoints and elevate privileges across the identity provisioning fabric. Microsoft has released a fix through MSRC; there is no public exploit identified at time of analysis, and SSVC rates exploitation as none with an EPSS of 0.64%. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privileged tenant identity
Delivery
Submit crafted provisioning input
Exploit
Coerce SyncFabric outbound request
Execution
Reach internal/trusted endpoint
Impact
Elevate privileges in identity fabric

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated foothold: the CVSS vector specifies PR:L, so the attacker must already hold a low-privileged authorized identity able to interact with the Microsoft Entra Provisioning Service (SyncFabric) - this is not exploitable by anonymous internet users. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals are somewhat divergent and should be weighed together. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained a low-privileged authenticated identity within a tenant submits crafted provisioning configuration or input that causes the SyncFabric service to issue an outbound request to an attacker-chosen internal endpoint. By reaching internal metadata or trusted service endpoints that the provisioning service can access but the user cannot, the attacker elevates privileges within the identity fabric. …
Remediation Because Microsoft Entra Provisioning Service is a cloud-hosted service, remediation is primarily vendor-side: Microsoft reports a patch is available and has been rolled out through the service, so no customer-installed update is required - review the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57100 for confirmation of remediation status and any tenant-side guidance. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all SyncFabric instances, document current versions, and verify administrative access is properly restricted. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-41442 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy