CVE-2026-57100

Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.
Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:entra_provisioning_service:-:*:*:*:*:*:*:*

History

08 Jul 2026, 18:34

Type Values Removed Values Added
References () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57100 - () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57100 - Vendor Advisory
CPE cpe:2.3:a:microsoft:entra_provisioning_service:-:*:*:*:*:*:*:*
First Time Microsoft
Microsoft entra Provisioning Service

02 Jul 2026, 23:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-02 23:16

Updated : 2026-07-08 18:34


NVD link : CVE-2026-57100

Mitre link : CVE-2026-57100

CVE.ORG link : CVE-2026-57100


JSON object : View

Products Affected

microsoft

  • entra_provisioning_service
CWE
CWE-918

Server-Side Request Forgery (SSRF)