9.8
CVE-2026-33843: Azure Active Directory B2C Privilege Elevation Over Network
CVE-2026-33843
Summary
An attacker can bypass authentication in Azure Active Directory B2C, allowing them to access sensitive information or perform unauthorized actions. This is a serious issue because it can lead to data breaches or unauthorized changes to your account. To protect yourself, ensure you are using the latest version of Azure Active Directory B2C and follow recommended security best practices.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| microsoft | entra_id | All versions (`cpe:2.3:a:microsoft:entra_id:-:*:*:*:*:*:*:*`) |
Original title
Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network.
Original description
Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network.
nvd CVSS3.1
9.1
Vulnerability type
CWE-288
Authentication Bypass Using Alternate Path
Published: 22 May 2026 · Updated: 28 May 2026 · First seen: 26 May 2026