{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0948", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "state": "PUBLISHED", "assignerShortName": "drupal", "dateReserved": "2026-01-14T16:52:33.298Z", "datePublished": "2026-02-04T20:26:02.605Z", "dateUpdated": "2026-02-04T21:23:18.337Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://www.drupal.org/project/social_auth_entra_id", "defaultStatus": "unaffected", "product": "Microsoft Entra ID SSO Login", "repo": "https://git.drupalcode.org/project/social_auth_entra_id", "vendor": "Drupal", "versions": [{"lessThan": "1.0.4", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Ashish Verma (ashish.verma85)"}, {"lang": "en", "type": "finder", "value": "Dheeraj Jhamtani (dheeraj jhamtani)"}, {"lang": "en", "type": "finder", "value": "Marcelo Vani (marcelovani)"}, {"lang": "en", "type": "remediation developer", "value": "Jaseer Kinangattil (jaseerkinangattil)"}, {"lang": "en", "type": "coordinator", "value": "Greg Knaddison (greggles)"}, {"lang": "en", "type": "coordinator", "value": "Juraj Nemec (poker10)"}], "datePublic": "2026-01-14T17:57:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Microsoft Entra ID SSO Login allows Privilege Escalation.<p>This issue affects Microsoft Entra ID SSO Login: from 0.0.0 before 1.0.4.</p>"}], "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Microsoft Entra ID SSO Login allows Privilege Escalation.This issue affects Microsoft Entra ID SSO Login: from 0.0.0 before 1.0.4."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2026-02-04T20:26:02.605Z"}, "references": [{"url": "https://www.drupal.org/sa-contrib-2026-005"}], "source": {"discovery": "UNKNOWN"}, "title": "Microsoft Entra ID SSO Login - Critical - Access bypass - SA-CONTRIB-2026-005", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-02-04T21:23:14.854904Z", "id": "CVE-2026-0948", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-04T21:23:18.337Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-0948", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-04T21:23:14.854904Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-04T21:22:13.568Z"}}], "cna": {"title": "Microsoft Entra ID SSO Login - Critical - Access bypass - SA-CONTRIB-2026-005", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Ashish Verma (ashish.verma85)"}, {"lang": "en", "type": "finder", "value": "Dheeraj Jhamtani (dheeraj jhamtani)"}, {"lang": "en", "type": "finder", "value": "Marcelo Vani (marcelovani)"}, {"lang": "en", "type": "remediation developer", "value": "Jaseer Kinangattil (jaseerkinangattil)"}, {"lang": "en", "type": "coordinator", "value": "Greg Knaddison (greggles)"}, {"lang": "en", "type": "coordinator", "value": "Juraj Nemec (poker10)"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "affected": [{"repo": "https://git.drupalcode.org/project/social_auth_entra_id", "vendor": "Drupal", "product": "Microsoft Entra ID SSO Login", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "1.0.4", "versionType": "semver"}], "collectionURL": "https://www.drupal.org/project/social_auth_entra_id", "defaultStatus": "unaffected"}], "datePublic": "2026-01-14T17:57:00.000Z", "references": [{"url": "https://www.drupal.org/sa-contrib-2026-005"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Microsoft Entra ID SSO Login allows Privilege Escalation.This issue affects Microsoft Entra ID SSO Login: from 0.0.0 before 1.0.4.", "supportingMedia": [{"type": "text/html", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Microsoft Entra ID SSO Login allows Privilege Escalation.<p>This issue affects Microsoft Entra ID SSO Login: from 0.0.0 before 1.0.4.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2026-02-04T20:26:02.605Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0948", "state": "PUBLISHED", "dateUpdated": "2026-02-04T21:23:18.337Z", "dateReserved": "2026-01-14T16:52:33.298Z", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "datePublished": "2026-02-04T20:26:02.605Z", "assignerShortName": "drupal"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jaseerkinangattil:microsoft_entra_id_sso_login:*:*:*:*:*:drupal:*:*", "matchCriteriaId": "CFDD1628-B784-43DF-866F-2899957BF5BB", "versionEndExcluding": "1.0.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Microsoft Entra ID SSO Login allows Privilege Escalation.This issue affects Microsoft Entra ID SSO Login: from 0.0.0 before 1.0.4."}], "id": "CVE-2026-0948", "lastModified": "2026-02-11T19:19:14.273", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-04T21:15:59.143", "references": [{"source": "mlhess@drupal.org", "tags": ["Vendor Advisory"], "url": "https://www.drupal.org/sa-contrib-2026-005"}], "sourceIdentifier": "mlhess@drupal.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "mlhess@drupal.org", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-17T23:14:12.432190+00:00", "value": {"mitigation_remediation": ["Upgrade Microsoft Entra ID SSO Login to version 1.0.4 or later as released by Drupal.", "If an update is not yet available, limit access to the SSO login endpoint by placing it behind a firewall or VPN to reduce exposure to untrusted networks.", "Continuously monitor authentication logs for abnormal login attempts or successful logins that result in elevated privileges, and investigate any suspicious activity promptly."], "summary": {"action": "Patch Now", "impact": "Authentication Bypass leading to Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Drupal users running the Microsoft Entra ID SSO Login module before version 1.0.4 are vulnerable. The affected module versions span from the initial release (0.0.0) through the pre\u20111.0.4 series.", "description_and_impact": "This vulnerability allows an attacker to bypass the standard authentication flow in the Microsoft Entra ID SSO Login integration for Drupal by using an alternate path or channel, thereby achieving higher privileges than originally intended. The weakness is related to inadequate control of authentication mechanisms (CWE\u2011288). The result is that an attacker can authenticate as a privileged user without providing valid credentials.", "risk_and_exploitability": "The CVSS score is 6.5, indicating a moderate level of severity. The EPSS score is less than 1%, signaling that exploitation is expected to be rare at this time. This issue is not listed in the CISA Known Exploited Vulnerabilities catalog. The attack vector is remote, likely through web requests to the SSO endpoint, and requires no special privileges or prior access. An attacker can trigger the bypass by crafting a request that follows the unvalidated alternate channel."}}}}, "created": "2026-02-05T11:39:45.002331+00:00", "updated": "2026-04-17T23:15:30.813895+00:00", "vendors": ["drupal", "drupal$PRODUCT$microsoft_entra_id_sso_login"]}