Server-Side Request Forgery in Microsoft Entra Provisioning Service by Microsoft
CVE-2026-57100
9.9CRITICAL
Key Information:
- Vendor
Microsoft
- Vendor
- CVE Published:
- 2 July 2026
What is CVE-2026-57100?
A server-side request forgery (SSRF) vulnerability exists in Microsoft Entra Provisioning Service (SyncFabric). This flaw allows an authorized attacker to make unauthorized requests over a network, potentially leading to elevated privileges. It's essential for users to assess and mitigate this vulnerability to protect their network environment.
Affected Version(s)
Microsoft Entra Provisioning Service -