—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Elevation of Privilege Vulnerability in Microsoft Entra ID (Microsoft Azure Active Directory)

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: CRITICAL

Software Affected

Azure Active Directory

Overview

A vulnerability has been reported in Microsoft Entra ID (Microsoft Azure Active Directory) which could allow an unauthorized attacker to gain elevate privileges over a network.

Target Audience:

All organizations and individuals using affected Microsoft Azure Active Directory.

Risk Assessment:

High risk to unauthorized access, information disclosure and system compromise.

Impact Assessment:

Potential impact on confidentiality, integrity, and availability of the affected system.

Description

Microsoft Azure Active Directory (Azure AD), now known as Microsoft Entra ID, is a cloud-based identity and access management service that helps organizations securely manage user authentication and access to applications and resources.

A vulnerability exists in the Microsoft Entra ID (Microsoft Azure Active Directory) due to Improper authentication.

Successful exploitation of the vulnerability could allow an unauthorized attacker to gain elevate privileges over a network.

Solution

Apply appropriate updates as mentioned by the vendor:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45480

Vendor Information

Microsoft

https://www.microsoft.com/en-in/

References

Microsoft

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45480

CVE Name

CVE-2026-45480

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmo6mr0ACgkQ3jCgcSdc

ys9MchAAlJVPlvp8UO/U4B3NDFh0aekeKlkGAjFeJq1RBInelGMyy9wxnLVx0VId

GauqqzPnxeLJMM0Z7JGjmyklvsMZWH7V+MNi5svStBRz6kHIKS4sKu04VOb4MRgA

E4Ay5c0OabN1bdWDpvydzjSUJRhIhNMyBwoOGGDjMAgsbIZGc8/dMTQtzUfe6aJU

hZLR5RVvRMP6AFA9OttobuJPqI3R58GjoJpETKWqR1XLXrvMzlQ4ZrTV+CyDPBQZ

2AGLVwIGkuv10noMfS52nddDHdOaS+P2BDJG8OZ39Vhi32V7cDqd8ELEPHs6U4Lc

AGtURGv0V+H3GXc/oRStiLn2pK8Op8L+Bns2iqHrx4LNkTnbtLoNU2VOmlmF9QGR

KNlosXmcZNIicJMrU9wtVb6PNy2YncOoqC1cgUh7kqHP+yfcGB1DUbSuiU8/7Kjg

rHufB8hZT8/rWgpPSw+KYkMBtiw2CVGFz98bnoPHDBXIVwRxB+ZwZysamJSoIVN3

rmnC3UquWxymH3EhSUY/elqLH42veHwPuVIP0qeS1i3IZQET9DocitpfW7Jyh7+W

6JNlZ0NABvlCIOSx8hytEkq4uKkxFM3Q/vEsPCoxy0CyruIMtsfNRyFRQAN/Lehm

ZXwiXX4oRh1QxIhBvdXpV8yaTe9kVjxm8KGrFyQ1fbs2E0iTFA8=

=RD5z

—–END PGP SIGNATURE—–