
CVE-2026-57100: Microsoft Entra Provisioning Service allows attackers to gain extra access

Summary

An authorized attacker can exploit a server-side request forgery (SSRF) flaw in the Microsoft Entra Provisioning Service (SyncFabric) to elevate privileges over a network. This is a concern because it gives the attacker access beyond what their authorization is meant to allow. To stay safe, ensure that the Microsoft Entra Provisioning Service is properly configured and up to date.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor: microsoft
Product: microsoft entra provisioning service
Affected versions: -
Original title
Microsoft Entra Provisioning Service Elevation of Privilege Vulnerability
Original description
Server-side request forgery (SSRF) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.
CVSS 3.1 score: 9.9 (source: mitre)
Vulnerability type
CWE-918 Server-Side Request Forgery (SSRF)
Published: 2 Jul 2026 · Updated: 5 Jul 2026 · First seen: 2 Jul 2026