Skip to main content

O365 Moodle

1 CVEs product

Monthly

CVE-2026-54733 CRITICAL PATCH Act Now

Authentication bypass in the Microsoft 365 / Microsoft Entra ID (local_o365) plugin for Moodle allows an unauthenticated attacker to forge a JWT and log in as any Office 365-linked Moodle user before versions 4.5.6, 5.0.5, and 5.1.1. The Teams SSO endpoint sso_login.php base64-decodes the JWT payload and trusts the 'upn' claim without verifying the token signature, so a self-signed or hand-crafted token is accepted as valid. There is no public exploit identified at time of analysis and it is not in CISA KEV, but the flaw is trivially exploitable and confirmed by a Microsoft GitHub security advisory (GHSA-hqjh-93qv-47v5).

Microsoft PHP Jwt Attack Information Disclosure O365 Moodle
NVD GitHub
CVSS 4.0
9.3
CVSS 9.3
CRITICAL PATCH Act Now

Authentication bypass in the Microsoft 365 / Microsoft Entra ID (local_o365) plugin for Moodle allows an unauthenticated attacker to forge a JWT and log in as any Office 365-linked Moodle user before versions 4.5.6, 5.0.5, and 5.1.1. The Teams SSO endpoint sso_login.php base64-decodes the JWT payload and trusts the 'upn' claim without verifying the token signature, so a self-signed or hand-crafted token is accepted as valid. There is no public exploit identified at time of analysis and it is not in CISA KEV, but the flaw is trivially exploitable and confirmed by a Microsoft GitHub security advisory (GHSA-hqjh-93qv-47v5).

Microsoft PHP Jwt Attack +2
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy