This page lists publicly disclosed CVE vulnerabilities affecting microsoft entra_id (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-42901 | Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network. | [email protected] | 10.0 | 0.39% | 2026-05-22 | 2026-06-17 |
| CVE-2026-33843 | Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network. | [email protected] | 9.1 | 0.65% | 2026-05-22 | 2026-06-17 |
| CVE-2026-40379 | Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network. | [email protected] | 9.3 | 0.91% | 2026-05-12 | 2026-06-17 |
| CVE-2026-35431 | Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network. | [email protected] | 10.0 | 0.51% | 2026-04-23 | 2026-06-17 |
| CVE-2026-24305 | Azure Entra ID Elevation of Privilege Vulnerability | [email protected] | 9.3 | 0.50% | 2026-01-22 | 2026-06-17 |
| CVE-2025-59246 | Azure Entra ID Elevation of Privilege Vulnerability | [email protected] | 9.8 | 6.94% | 2025-10-09 | 2026-06-17 |
| CVE-2025-59218 | Azure Entra ID Elevation of Privilege Vulnerability | [email protected] | 9.6 | 0.60% | 2025-10-09 | 2026-06-17 |
| CVE-2025-55241 | Azure Entra ID Elevation of Privilege Vulnerability | [email protected] | 10.0 | 1.55% | 2025-09-04 | 2026-06-17 |
| CVE-2024-43477 | Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant. | [email protected] | 7.5 | 1.04% | 2024-08-22 | 2026-06-17 |