CVE Catalog

CVE-2026-57100

Critical · CVSS 9.9

Summary

A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.

Risk Assessment

An attacker could exploit this vulnerability to send requests to internal network resources, potentially leading to unauthorized access to sensitive data or systems.

Recommendation

Apply security updates provided by Microsoft for Microsoft Entra Provisioning Service (SyncFabric) immediately.

Original NVD description (English source)

Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS