Home / Vulnerability Intelligence / CVE-2026-26148

CVE-2026-26148 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: March 11, 2026

Azure Entra ID - Broken Access Control

Published: March 10, 2026Updated: March 11, 2026

Overview

Azure Entra ID contains a broken access control vulnerability caused by external initialization of trusted variables or data stores, letting unauthorized attackers elevate privileges locally, exploit requires local access.

Severity & Score

Severity: High

CVSS Score: 8.1

EPSS Score: 7.7%(Probability of exploitation in next 30 days)

Impact

Unauthorized attackers can elevate privileges locally, potentially gaining higher access rights on the system.

Mitigation

Update to the latest version of Azure Entra ID.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26148

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 10, 2026

🟠 CVE-2026-26148 - High (8.1) External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26148/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-26148
Severity: High
CVSS Score: 8.1
Type: broken_access_control
Status: unconfirmed
EPSS: 7.7%
Social Posts: 1

CWE

CWE-454

CVSS Metrics

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score

7.7%Probability of exploitation in the next 30 days