Jul 2026: Active Directory Federation Server Spoofing Vulnerability
CVE-2026-50684 Published on July 14, 2026

Active Directory Federation Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Active Directory Federation Services (AD FS) allows an authorized attacker to perform spoofing over a network.

Vendor Advisory NVD

Weakness Type

What is a XSS Vulnerability?

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE-2026-50684 has been classified to as a XSS vulnerability or weakness.


Products Associated with CVE-2026-50684

Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.

 
 
 
 
 
 
 

Affected Versions

Microsoft Windows 10 Version 1607: Microsoft Windows 10 Version 1809: Microsoft Windows Server 2012: Microsoft Windows Server 2012 (Server Core installation): Microsoft Windows Server 2012 R2: Microsoft Windows Server 2012 R2 (Server Core installation): Microsoft Windows Server 2016: Microsoft Windows Server 2016 (Server Core installation): Microsoft Windows Server 2019: Microsoft Windows Server 2019 (Server Core installation): Microsoft Windows Server 2022: Microsoft Windows Server 2025: Microsoft Windows Server 2025 (Server Core installation):