Skip to main content

Microsoft Graph

1 CVEs product

Monthly

CVE-2026-47655 MEDIUM PATCH NEWS NO ACTION HOSTED Monitor

Microsoft Graph exposes sensitive data to authenticated network attackers due to improper authorization controls, allowing low-privileged API callers to retrieve information beyond their granted scope. The vulnerability (CVSS 6.5) carries high confidentiality impact (C:H) with no integrity or availability consequence, making it a pure data disclosure risk against Microsoft's unified cloud API surface. No public exploit code has been identified at time of analysis, and Microsoft has released a server-side patch via MSRC advisory CVE-2026-47655.

Information Disclosure Microsoft Microsoft Graph
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
EPSS 0% CVSS 6.5
MEDIUM PATCH NO ACTION HOSTED Monitor

Microsoft Graph exposes sensitive data to authenticated network attackers due to improper authorization controls, allowing low-privileged API callers to retrieve information beyond their granted scope. The vulnerability (CVSS 6.5) carries high confidentiality impact (C:H) with no integrity or availability consequence, making it a pure data disclosure risk against Microsoft's unified cloud API surface. No public exploit code has been identified at time of analysis, and Microsoft has released a server-side patch via MSRC advisory CVE-2026-47655.

Information Disclosure Microsoft Microsoft Graph
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy