← back
CVE-2026-0948

Microsoft Entra ID SSO Login - Critical - Access bypass - SA-CONTRIB-2026-005

CVSS 6.5 MEDIUMEPSS 0.2%CWE-288
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
04 Feb 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Microsoft Entra ID SSO Login allows Privilege Escalation.This issue affects Microsoft Entra ID SSO Login: from 0.0.0 before 1.0.4.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected products
Drupal · Microsoft Entra ID SSO Login

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.drupal.org/sa-contrib-2026-005