VDB

GCVE-110-NCSC-2026-142

GCVE-110-NCSC-2026-142
Advisory PublishedCVSS 9.3/10
Vulnetix · Advisory published May 12, 2026
Exposure of sensitive information in Azure Entra ID can allow unauthorized attackers to conduct network spoofing attacks, potentially compromising network integrity and security.

Weaknesses (CWE)

CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-73External Control of File Name or PathCWE-347Improper Verification of Cryptographic SignatureCWE-303Incorrect Implementation of Authentication AlgorithmCWE-426Untrusted Search PathCWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')CWE-918Server-Side Request Forgery (SSRF)

Risk Scores

CVSS 3.1
9.3/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C

Affected Products

VendorProductVersionsPlatforms
Microsoftvers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,685 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›