Authentication Bypass in Microsoft Azure Active Directory B2C
CVE-2026-33843

9.1CRITICAL

Key Information:

Vendor: Microsoft
Status: Microsoft Entra
Vendor: CVE Published:; 22 May 2026

What is CVE-2026-33843?

A vulnerability exists in Microsoft Azure Active Directory B2C that enables an unauthorized attacker to bypass authentication using an alternate path or channel. This flaw may allow the attacker to gain elevated privileges over a network, potentially compromising sensitive information and resources. It is crucial for organizations utilizing Azure Active Directory B2C to implement the latest security updates to mitigate this risk and protect against unauthorized access.

Affected Version(s)

Microsoft Entra -

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 22, 2026
Vulnerability Reserved
Mar 24, 2026

CVE-2026-33843 Data

JSON