Server-Side Request Forgery Vulnerability in Microsoft Entra ID Entitlement Management
CVE-2026-35431

10CRITICAL

Key Information:

Vendor: Microsoft
Status: Microsoft Entra
Vendor: CVE Published:; 23 April 2026

What is CVE-2026-35431?

A server-side request forgery (SSRF) vulnerability exists in Microsoft Entra ID Entitlement Management that enables unauthorized attackers to manipulate requests and potentially facilitate network spoofing. This weakness can lead to a breach of sensitive information and compromise the integrity of network systems if exploited. It is crucial for users to be aware of this vulnerability and apply necessary patches to safeguard their environments.

Affected Version(s)

Microsoft Entra -

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 23, 2026
Vulnerability Reserved
Apr 2, 2026

CVE-2026-35431 Data

JSON