OAuth 2.0 Authorization Weaknesses in Azure Active Directory Authentication Plugin
CVE-2026-56425

9.3 CRITICAL

Key Information:

Vendor: Misp
Status: Vendor
CVE Published: 22 June 2026

What is CVE-2026-56425?

The Azure Active Directory authentication implementation exposes several critical weaknesses in its OAuth 2.0 flow. These vulnerabilities can lead to session hijacking and session fixation attacks, because long-lived PHP session identifiers are used as the OAuth state parameter and can leak through channels such as browser history and HTTP Referer headers. Additionally, the lack of session identifier rotation after authentication further heightens the risk of session fixation. Using a nonce that is not single-use as the OAuth state weakens CSRF protection and increases susceptibility to replay attacks. Furthermore, not enforcing HTTPS for redirect URIs risks exposing sensitive tokens in plaintext, and malformed error responses could cause log injection vulnerabilities. Thankfully, recent patches have introduced robust security controls, including cryptographically secure state values, single-use state validation, and enhanced logging sanitization.
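The state handling the advisory describes, next to a hardened replacement, as an added PHP example that is not MISP's own plugin code; the `$session` array standing in for `$_SESSION`, the function names and the 600-second state lifetime are assumptions.

```php
<?php
// Added example, not code from MISP's plugin. $session stands in for $_SESSION.
// The weak pattern the advisory describes is state = session_id(): the value is
// long-lived, never consumed, and leaks via the redirect URL, browser history
// and Referer headers, so it can be replayed. The functions below replace it.

// Fresh CSPRNG value, bound to the session together with its creation time.
function buildState(array &$session): string {
    $state = bin2hex(random_bytes(32));           // 256 bits of entropy
    $session['oauth_state'] = ['value' => $state, 'created' => time()];
    return $state;
}

// Single use: the stored value is consumed on the first check whatever the
// outcome, so a replayed callback fails. Comparison is constant-time.
function validateState(array &$session, string $received, int $maxAge = 600): bool {
    $stored = $session['oauth_state'] ?? null;
    unset($session['oauth_state']);
    if ($stored === null || time() - $stored['created'] > $maxAge) {
        return false;
    }
    return hash_equals($stored['value'], $received);
}

// Only HTTPS redirect URIs, so the authorization code never travels in plaintext.
function redirectUriIsSafe(string $uri): bool {
    $parts = parse_url($uri);
    return is_array($parts)
        && strtolower($parts['scheme'] ?? '') === 'https'
        && !empty($parts['host']);
}

// Strip control characters (CR/LF included) from provider error text before it
// is logged, so a malformed error response cannot forge extra log lines.
function sanitizeForLog(string $value, int $maxLen = 200): string {
    return substr(preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value), 0, $maxLen);
}

$session = [];
$state = buildState($session);
var_dump(validateState($session, $state));       // first use of the state
var_dump(validateState($session, $state));       // replay: state already consumed
var_dump(redirectUriIsSafe('http://misp.example/users/login'));  // plain http rejected
echo sanitizeForLog("invalid_request\r\nforged log line"), PHP_EOL;
// After a successful callback also call session_regenerate_id(true) so the
// pre-authentication session id is not carried over (session fixation).
```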

Affected Version(s)

misp, versions from 0 up to and including 2.5.41

References

CVSS V4

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

  • Cormac Doherty
  • Andras Iklody