Information Disclosure Vulnerability in Microsoft Authenticator by Microsoft
CVE-2026-41615

9.6CRITICAL

Key Information:

Vendor: Microsoft
Status: Microsoft Authenticator For Android; Microsoft Authenticator For iOS
Vendor: CVE Published:; 14 May 2026

What is CVE-2026-41615?

A vulnerability in Microsoft Authenticator permits unauthorized actors to access sensitive information during network transmission. This issue compromises user data security, allowing attackers to potentially exploit exposed information. Users of Microsoft Authenticator are urged to review security measures and apply updates to mitigate risks associated with this vulnerability.

Affected Version(s)

Microsoft Authenticator for Android 6.0.0 < 6.2605.2973

Microsoft Authenticator for IOS 6.0.0 < 6.8.47

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2026
Vulnerability Reserved
Apr 21, 2026

CVE-2026-41615 Data

JSON