Microsoft Graph
Monthly
Microsoft Graph exposes sensitive data to authenticated network attackers due to improper authorization controls, allowing low-privileged API callers to retrieve information beyond their granted scope. The vulnerability (CVSS 6.5) carries high confidentiality impact (C:H) with no integrity or availability consequence, making it a pure data disclosure risk against Microsoft's unified cloud API surface. No public exploit code has been identified at time of analysis, and Microsoft has released a server-side patch via MSRC advisory CVE-2026-47655.
Microsoft Graph exposes sensitive data to authenticated network attackers due to improper authorization controls, allowing low-privileged API callers to retrieve information beyond their granted scope. The vulnerability (CVSS 6.5) carries high confidentiality impact (C:H) with no integrity or availability consequence, making it a pure data disclosure risk against Microsoft's unified cloud API surface. No public exploit code has been identified at time of analysis, and Microsoft has released a server-side patch via MSRC advisory CVE-2026-47655.