Local Privilege Escalation in Himmelblau Suite for Microsoft Azure Entra ID and Intune
CVE-2026-31979

8.8HIGH

Key Information:

Vendor: Himmelblau-idm
Status: Himmelblau
Vendor: CVE Published:; 11 March 2026

🔔 Create Himmelblau-idm Vulnerability Alert

What is CVE-2026-31979?

The Himmelblau Interoperability Suite for Microsoft Azure Entra ID and Intune contains a local privilege escalation vulnerability due to inadequate symlink protections in the himmelblaud-tasks daemon. This component, which operates with root privileges, can write Kerberos cache files to a directory that is accessible to local users. By exploiting this flaw via symlink attacks, an attacker can overwrite or change the ownership of arbitrary files on the system. The issue occurs prior to version 3.1.0 and 2.3.8, where protections were implemented to mitigate such risks. Users are advised to update to the latest versions to safeguard against potential exploits.

Affected Version(s)

himmelblau >= 1.0.0, < 2.3.8 < 1.0.0, 2.3.8

himmelblau >= 3.0.0-alpha, < 3.1.0 < 3.0.0-alpha, 3.1.0

References

https://github.com/himmelblau-idm/himmelblau/security/adv...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 11, 2026
Vulnerability Reserved
Mar 10, 2026

CVE-2026-31979 Data

JSON