Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.
An attacker without any authentication, acting remotely over the network, can cause the server to send HTTP requests on their behalf to any network resources — both internal and external. The SSRF mechanism in Microsoft Entra ID Entitlement Management does not require user interaction or any permissions, meaning full exposure to external attack. The vulnerability has a changed scope (Scope: Changed), indicating that the impact may extend beyond the directly attacked component.
An attacker can conduct identity or network request spoofing, potentially gaining access to internal infrastructure resources, configuration data, or other services not directly accessible from outside. Complete CVSS assessments indicate the possibility of high-level breaches of confidentiality, integrity, and availability.
Apply patches available from the manufacturer according to the references: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35431. Since the service is managed by Microsoft (cloud), updates may be deployed automatically on the provider's side — it is recommended to verify the patch status in the Microsoft Security Response Center.
Microsoft Entra ID (Entitlement Management module) — specific versions indicated in the manufacturer's references
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HMicrosoft Entra Id
APPMicrosoftwszystkie wersje
Related vulnerabilities
Obejście uwierzytelnienia w Microsoft Azure Active Directory B2C
Błąd walidacji źródła w Microsoft Entra ID umożliwia privilege escalation
Ujawnienie wrażliwych danych w Azure Entra ID umożliwiające spoofing
Microsoft Entra ID — Elevation of Privilege (nieautoryzowane podwyższenie uprawnień)
Eskalacja uprawnień w Microsoft Azure Entra ID (CVE-2025-59246)