- 101/2026
- Critical
Microsoft has released security updates to address several vulnerabilities affecting multiple Microsoft products.
The addressed vulnerabilities could allow the attacker to gain elevated privileges, conduct server-side request forgery attacks, execute arbitrary code, and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. Microsoft Entra ID Spoofing Vulnerability (CVE-2026-35431):
- CVSS: 10.0
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Server-Side Request Forgery
2. Microsoft Bing Remote Code Execution Vulnerability (CVE-2026-33819):
- CVSS: 10.0
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
Sample of the affected products:
- Azure IOT Central.
- Microsoft Power Apps.
- Microsoft Entra ID.
- Microsoft Bing.
- Microsoft Dynamics 365 (online).
Vulnerabilities
- CVE-2026-21515
- CVE-2026-32172
- CVE-2026-35431
- CVE-2026-24303
- CVE-2026-26150
- CVE-2026-33819
- CVE-2026-33102
- CVE-2026-32210
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.