CVE-2026-57100
Microsoft Entra Provisioning SSRF Vulnerability Allows Privilege Escalation
Halo Surface Signal: 3 out of 5 — possibly public-facing.
A server-side request forgery vulnerability exists in Microsoft Entra Provisioning Service, which could permit an authenticated attacker to elevate privileges over a network. This threat is relevant if your organization uses this service, as it might allow unauthorized access or control when exploited.