Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
Loop with unreachable exit condition ('infinite loop') in Azure Active Directory allows an unauthorized attacker to deny service over a network.
AnalysisAI
Denial of service in Microsoft Azure Active Directory (Entra ID) allows a remote unauthenticated attacker to send network traffic that drives affected processing into an infinite loop (CWE-835), exhausting resources and disrupting availability of the identity service. The flaw carries CVSS 7.5 with a high-availability impact, no confidentiality or integrity effect, and no public exploit identified at time of analysis. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Recommended ActionAI
Within 24 hours, verify with Microsoft that the patch has been deployed to your Azure AD/Entra ID tenant and confirm service health via the Azure Status Dashboard. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Azure Active Directory
View allPrivilege escalation in Microsoft Azure Active Directory allows unauthenticated remote attackers to bypass authenticatio
Denial of service in Microsoft Azure Active Directory (now Entra ID) allows a remote, unauthenticated attacker to disrup
An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as
Microsoft Azure Active Directory B2C Spoofing Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is rem
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43782