CVE-2026-41103 - Vulnerability Analysis
CriticalCVSS: 9.1Last Updated: May 12, 2026
Microsoft SSO Plugin for Jira & Confluence - Authentication Bypass
Published: May 12, 2026Updated: May 12, 2026Remote Exploitable
Overview
Microsoft SSO Plugin for Jira & Confluence contains a broken authentication caused by incorrect implementation of authentication algorithm, letting unauthorized attackers elevate privileges over a network, exploit requires network access.
Severity & Score
Severity: Critical
CVSS Score: 9.1
Impact
Unauthorized attackers can elevate privileges over the network, potentially gaining unauthorized access or control.
Mitigation
Update to the latest version of Microsoft SSO Plugin for Jira & Confluence.
Related Resources
Details
- CVE ID
- CVE-2026-41103
- Severity
- Critical
- CVSS Score
- 9.1
- Type
- broken_authentication
- Status
- new
CWE
- CWE-303
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N