Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

CVE-2026-42901: Microsoft Entra ID Origin Validation Error

CVE-2026-42901

Summary

An error in Microsoft Entra ID's origin validation allows an unauthorized attacker to gain elevated network access. This means that an attacker could potentially access sensitive information or take control of a network. To protect your network, ensure that you are using the latest version of Microsoft Entra ID and follow best practices for secure configuration.

Original title

Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network.

Original description

Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network.

nvd CVSS3.1 10.0

Vulnerability type

CWE-346

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42901

Published: 22 May 2026 · Updated: 28 May 2026 · First seen: 26 May 2026