Microsoft discloses SSRF flaws in Purview, Entra ID, and Dynamics 365 Online
Microsoft published three high-severity cloud-service vulnerabilities affecting Microsoft Purview eDiscovery, Microsoft Entra ID Entitlement Management, and Microsoft Dynamics 365 Online. The flaws are tracked as CVE-2026-26150, CVE-2026-35431, and CVE-2026-32210, and all are classified as server-side request forgery (SSRF) under CWE-918. Microsoft tagged each issue as affecting an exclusively hosted service, indicating exposure in Microsoft-managed online environments rather than on-premises deployments.
According to the CVE records, CVE-2026-26150 could let an unauthorized attacker elevate privileges over a network in Purview eDiscovery, while CVE-2026-35431 and CVE-2026-32210 could enable spoofing in Entra ID Entitlement Management and Dynamics 365 Online. The published CVSS v3.1 vectors show low attack complexity and no required privileges across all three issues, with Entra ID carrying the broadest potential impact to confidentiality, integrity, and availability, and Dynamics 365 requiring user interaction. Microsoft linked the disclosures to its Security Response Center guidance for customer tracking and remediation.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Microsoft publishes CVE-2026-35431 for Entra ID Entitlement Management SSRF spoofing flaw
On 2026-04-23, Microsoft published CVE-2026-35431 affecting Microsoft Entra ID Entitlement Management. The issue is described as an SSRF vulnerability that could allow an unauthorized attacker to perform spoofing over a network.
Microsoft publishes CVE-2026-32210 for Dynamics 365 Online SSRF spoofing flaw
On 2026-04-23, Microsoft published CVE-2026-32210 affecting Microsoft Dynamics 365 Online. The vulnerability is described as an SSRF issue that could let an unauthorized attacker perform spoofing over a network.
Microsoft publishes CVE-2026-26150 for Purview eDiscovery SSRF privilege escalation
On 2026-04-23, Microsoft published CVE-2026-26150 affecting Microsoft Purview eDiscovery. The flaw is described as a server-side request forgery vulnerability that could allow an unauthorized attacker to elevate privileges over a network.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
CVE-2026-26150 - Microsoft Purview eDiscovery Elevation of Privilege Vulnerability
cvefeed.io
Open sourceCVE-2026-35431 - Microsoft Entra ID Entitlement Management Spoofing Vulnerability
cvefeed.io
Open sourceCVE-2026-32210 - Microsoft Dynamics 365 (online) Spoofing Vulnerability
cvefeed.io
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft Fixes Privilege Escalation and Spoofing Flaws in Azure Databricks and Cloud Services
Microsoft disclosed three cloud-service vulnerabilities affecting **Azure Databricks**, **Microsoft Purview eDiscovery**, and **Microsoft Entra ID Entitlement Management**. The issues are tracked as **`CVE-2026-33107`**, an elevation-of-privilege flaw in Azure Databricks; **`CVE-2026-26150`**, an elevation-of-privilege flaw in Microsoft Purview eDiscovery; and **`CVE-2026-35431`**, a spoofing flaw in Microsoft Entra ID Entitlement Management. Microsoft published the advisories through its Security Update Guide, indicating that multiple enterprise cloud components required security attention at the same time. The affected products span analytics, compliance, and identity governance functions that are widely used in Microsoft-centric environments. While Microsoft provided limited public technical detail in the advisories, the vulnerability classifications indicate potential risks including unauthorized privilege gains in Databricks and Purview workflows, as well as identity or trust abuse scenarios involving Entra ID Entitlement Management. Organizations using these services should review the relevant Microsoft advisories, assess exposure in tenant configurations, and apply available mitigations or service updates through normal cloud security and change-management processes.
Apr 23, 2026
Microsoft Discloses Elevation-of-Privilege Flaws Across Azure Services
Microsoft has published multiple Security Update Guide entries for elevation-of-privilege vulnerabilities affecting cloud services including **Azure Resource Manager**, **Azure Entra ID**, **Azure AI Foundry**, and **Redis Enterprise**. The disclosed issues include `CVE-2026-47280` and `CVE-2026-24304` in Azure Resource Manager, `CVE-2026-24305` and `CVE-2025-55241` in Azure Entra ID, `CVE-2025-59271` in Redis Enterprise, and `CVE-2026-35435` in Azure AI Foundry, indicating a broader set of privilege-boundary weaknesses across Microsoft-managed platforms. Microsoft provided the most detail for **CVE-2026-35435**, describing it as a **critical** improper access control flaw in Azure AI Foundry M365 published agents that could be exploited remotely over the network without privileges or user interaction, with potential for high confidentiality impact. The company said exploitation was considered more likely, but the vulnerability had not been publicly disclosed or exploited at publication time, and the service-side issue was already fully mitigated with **no customer action required**; the remaining CVEs were listed with limited public detail in the update guide.
May 25, 2026
Microsoft Discloses Elevation of Privilege Flaws in MMC, Partner Center, and Microsoft 365 Copilot
Microsoft published security advisories for three **elevation of privilege** vulnerabilities affecting **Microsoft Management Console**, **Microsoft Partner Center**, and **Microsoft 365 Copilot**. The issues are tracked as `CVE-2026-27914`, `CVE-2026-24303`, and `CVE-2026-33102`, respectively, and were added to the Microsoft Security Update Guide as separate product-specific flaws. The disclosures indicate that both on-premises administrative tooling and cloud-connected Microsoft services are affected by privilege-escalation weaknesses. While Microsoft did not provide public synopses in the referenced advisories, the listings identify the impacted products and classify each issue as an elevation of privilege vulnerability, signaling potential risk to administrators, partners, and enterprise users relying on those platforms.
Apr 23, 2026