Information Disclosure Vulnerability in Microsoft Authenticator
CVE-2026-26123

5.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft Authenticator For Android; Microsoft Authenticator For iOS
Vendor: CVE Published:; 10 March 2026

What is CVE-2026-26123?

An information disclosure vulnerability exists in Microsoft Authenticator, which could allow an unauthorized attacker to obtain sensitive information locally. This flaw may permit malicious actors to exploit the application, posing a risk to user data integrity. Users are advised to review their Authenticator settings and ensure they are on the latest version to mitigate potential threats.

Affected Version(s)

Microsoft Authenticator for Android 6.0.0 < 6.2511.7533

Microsoft Authenticator for IOS 6.0.0 < 6.8.40

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2026
Vulnerability Reserved
Feb 11, 2026

CVE-2026-26123 Data

JSON