Jan 2026: Azure Entra ID Elevation of Privilege Vulnerability
CVE-2026-24305 Published on January 22, 2026

Azure Entra ID Elevation of Privilege Vulnerability
Azure Entra ID Elevation of Privilege Vulnerability

Vendor Advisory NVD

Weakness Type

What is an AuthZ Vulnerability?

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CVE-2026-24305 has been classified to as an AuthZ vulnerability or weakness.


Products Associated with CVE-2026-24305

Want to know whenever a new CVE is published for Microsoft Entra Id? stack.watch will email you.

Microsoft Entra Id
 

Affected Versions

Microsoft Entra Version - is affected by CVE-2026-24305

Exploit Probability

EPSS
0.07%
Percentile
20.35%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.