9.9
CVE-2026-57100: Microsoft Entra Provisioning Service allows attackers to gain extra access
Summary
A server-side request forgery (SSRF) flaw in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network, gaining access beyond what their account should permit. To stay safe, ensure that the Microsoft Entra Provisioning Service is properly configured and up to date.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| Microsoft | Microsoft Entra Provisioning Service | - |
Original title
Microsoft Entra Provisioning Service Elevation of Privilege Vulnerability
Original description
Server-side request forgery (SSRF) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.
mitre CVSS3.1
9.9
Vulnerability type
CWE-918
Server-Side Request Forgery (SSRF)
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57100 vendor-advisory patch
Published: 2 Jul 2026 · Updated: 5 Jul 2026 · First seen: 2 Jul 2026