Azure Entra ID lets unauthorized users access sensitive data

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.1

Azure Entra ID lets unauthorized users access sensitive data

CVE-2026-26148

Summary

An issue in Azure Entra ID allows attackers to access sensitive data on a local system. This could lead to unauthorized access to important information. You should update Azure Entra ID to the latest version to prevent this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
microsoft	azure_ad_ssh_login_extension_for_linux	> 1.0.0 , <= 1.0.033370002	–

Original title

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally.

Original description

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally.

nvd CVSS3.1 8.1

Vulnerability type

CWE-454

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26148

Published: 10 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026