Vulnerability in Linux Entra SSO Browser Plugin for Chrome
CVE-2026-42177

5.3 MEDIUM

Key Information:

Vendor

Siemens

CVE Published:
12 May 2026

What is CVE-2026-42177?

The linux-entra-sso browser plugin for Linux is affected by an improper input validation issue in versions prior to 1.8.1. The vulnerability resides in how the Chrome adapter handles network requests with broad host permissions. Specifically, a single declarativeNetRequest rule leads to unintended inclusion of a sensitive cookie (PRT) when a user navigates to URLs containing 'https://login.microsoftonline.com/'. While Firefox has a precautionary check in place, the absence of such a safeguard in Chrome permits the exposure of the token to potentially malicious sites. This issue has been rectified in version 1.8.1.
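The difference between matching the login URL anywhere in a request URL and checking the request's origin before the PRT cookie is attached, shown as an added example (not code from linux-entra-sso). The function names, sample URLs and the rule condition are assumptions made for illustration; the project's actual rule and its 1.8.1 fix are not reproduced on this page.

```javascript
// Added illustration; not code from linux-entra-sso. All names are hypothetical.
const LOGIN_ORIGIN = "https://login.microsoftonline.com";

// Models a rule condition that fires when the string appears anywhere in the URL.
function matchesAnywhere(url) {
  return url.includes(LOGIN_ORIGIN + "/");
}

// Precautionary check: parse the URL and compare scheme, host and port exactly.
function isLoginOrigin(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return false; // unparsable input never receives the token
  }
  return parsed.origin === LOGIN_ORIGIN;
}

// Constructed sample URLs (example.test is a reserved test domain).
const SAMPLES = [
  "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
  "https://example.test/?next=https://login.microsoftonline.com/",
  "https://login.microsoftonline.com.example.test/",
  "http://login.microsoftonline.com/",
  "not a url",
];

// Reports, per URL, what each check decides so mismatches are easy to spot.
function audit(urls) {
  return urls.map((url) => ({
    url,
    substring: matchesAnywhere(url),
    strict: isLoginOrigin(url),
  }));
}

// A declarativeNetRequest condition scoped by host and left-anchored,
// instead of an unanchored substring filter (assumed shape, for comparison).
const scopedCondition = {
  requestDomains: ["login.microsoftonline.com"],
  urlFilter: "|https://login.microsoftonline.com/",
  resourceTypes: ["main_frame", "sub_frame"],
};
```

Any row where `substring` is true and `strict` is false is a URL that would receive the token under substring matching but is not the Entra login origin.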

Affected Version(s)

linux-entra-sso < 1.8.1

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
