Microsoft Entra Id Sso Login

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-0948 MEDIUM PATCH This Month

The Microsoft Entra ID SSO Login module for Drupal before version 1.0.4 contains an authentication bypass vulnerability that allows unauthenticated attackers to escalate privileges through an alternate authentication channel. An attacker can exploit this flaw to gain unauthorized access with elevated permissions on affected Drupal installations. No patch is currently available, and the vulnerability has low exploit probability (EPSS 0.1%).

Drupal Privilege Escalation Authentication Bypass Microsoft Entra Id Sso Login

NVD

CVSS 3.1

6.5

EPSS

0.1%

CVE-2026-0948

EPSS 0% CVSS 6.5

MEDIUM PATCH This Month

The Microsoft Entra ID SSO Login module for Drupal before version 1.0.4 contains an authentication bypass vulnerability that allows unauthenticated attackers to escalate privileges through an alternate authentication channel. An attacker can exploit this flaw to gain unauthorized access with elevated permissions on affected Drupal installations. No patch is currently available, and the vulnerability has low exploit probability (EPSS 0.1%).

Drupal Privilege Escalation Authentication Bypass +1

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy