{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31957", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-10T15:40:10.480Z", "datePublished": "2026-03-11T19:25:21.230Z", "dateUpdated": "2026-03-12T20:00:41.000Z"}, "containers": {"cna": {"title": "Himmelblau unset domain configuration can allow any-tenant authentication at first login for remote deployments", "problemTypes": [{"descriptions": [{"cweId": "CWE-1188", "lang": "en", "description": "CWE-1188: Insecure Default Initialization of Resource", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-q746-m2wv-qh4v", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-q746-m2wv-qh4v"}], "affected": [{"vendor": "himmelblau-idm", "product": "himmelblau", "versions": [{"version": ">= 3.0.0, < 3.1.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-11T19:25:21.230Z"}, "descriptions": [{"lang": "en", "value": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for arbitrary Entra ID domains by dynamically registering providers at runtime. This behavior is intended for initial/local bootstrap scenarios, but it can create risk in remote authentication environments. This vulnerability is fixed in 3.1.0."}], "source": {"advisory": "GHSA-q746-m2wv-qh4v", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T20:00:34.426187Z", "id": "CVE-2026-31957", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T20:00:41.000Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-31957", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-12T20:00:34.426187Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T20:00:37.797Z"}}], "cna": {"title": "Himmelblau unset domain configuration can allow any-tenant authentication at first login for remote deployments", "source": {"advisory": "GHSA-q746-m2wv-qh4v", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "himmelblau-idm", "product": "himmelblau", "versions": [{"status": "affected", "version": ">= 3.0.0, < 3.1.0"}]}], "references": [{"url": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-q746-m2wv-qh4v", "name": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-q746-m2wv-qh4v", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for arbitrary Entra ID domains by dynamically registering providers at runtime. This behavior is intended for initial/local bootstrap scenarios, but it can create risk in remote authentication environments. This vulnerability is fixed in 3.1.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1188", "description": "CWE-1188: Insecure Default Initialization of Resource"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-11T19:25:21.230Z"}}}, "cveMetadata": {"cveId": "CVE-2026-31957", "state": "PUBLISHED", "dateUpdated": "2026-03-12T20:00:41.000Z", "dateReserved": "2026-03-10T15:40:10.480Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-11T19:25:21.230Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:himmelblau-idm:himmelblau:*:*:*:*:*:*:*:*", "matchCriteriaId": "03DC7586-C1E4-47BF-A6D8-90F50C540210", "versionEndExcluding": "3.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for arbitrary Entra ID domains by dynamically registering providers at runtime. This behavior is intended for initial/local bootstrap scenarios, but it can create risk in remote authentication environments. This vulnerability is fixed in 3.1.0."}, {"lang": "es", "value": "Himmelblau es una suite de interoperabilidad para Microsoft Azure Entra ID e Intune. Desde 3.0.0 hasta antes de 3.1.0, si Himmelblau se despliega sin un dominio de inquilino configurado en himmelblau.conf, la autenticaci\u00f3n no est\u00e1 limitada al inquilino. En este modo, Himmelblau puede aceptar intentos de autenticaci\u00f3n para dominios arbitrarios de Entra ID mediante el registro din\u00e1mico de proveedores en tiempo de ejecuci\u00f3n. Este comportamiento est\u00e1 previsto para escenarios de arranque inicial/local, pero puede crear riesgo en entornos de autenticaci\u00f3n remota. Esta vulnerabilidad se corrige en 3.1.0."}], "id": "CVE-2026-31957", "lastModified": "2026-03-16T19:39:37.913", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-11T20:16:16.447", "references": [{"source": "security-advisories@github.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-q746-m2wv-qh4v"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1188"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[3.0.0,3.1.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "himmelblau", "source": "cna", "vendor": "himmelblau-idm"}, "product": "himmelblau", "vendor": "himmelblau-idm"}], "analysis": {"en": {"generated_at": "2026-03-17T16:29:02.662621+00:00", "value": {"mitigation_remediation": ["Upgrade Himmelblau to version 3.1.0 or later", "Verify that a tenant domain is configured in himmelblau.conf to enforce tenant\u2011scoped authentication"], "summary": {"action": "Immediate Patch", "impact": "Unauthorized Cross\u2011tenant Authentication"}, "threat_synthesis": {"affected_systems": "Affected versions are Himmelblau 3.0.0 through, but not including, 3.1.0. The product is himmelblau-idm:himmelblau, identified by the CPE string cpe:2.3:a:himmelblau-idm:himmelblau:*:*:*:*:*:*:*:*.", "description_and_impact": "Himmelblau, an interoperability suite for Microsoft Azure Entra ID and Intune, allows authentication to proceed when the per\u2011tenant domain configuration is omitted in the configuration file. In this state the software will accept authentication attempts for any Entra ID domain by dynamically creating a provider during the login process. This unscoped behavior enables an attacker to authenticate as a user from any tenant, effectively bypassing tenant isolation. The weakness corresponds to CWE\u20111188, \"Improper Constrained Use of a Resource.\" The described impact is the ability for an attacker to gain unauthorized access to user accounts and potentially access data within those tenants without legitimate credentials.", "risk_and_exploitability": "The CVSS score of 10 indicates critical severity. The EPSS score is less than 1\u202f%, suggesting a low probability of recent exploitation. The vulnerability is not listed in the CISA KEV catalog. The attack vector is remote: an attacker only needs to trigger the authentication flow against an instance that lacks a configured tenant domain. Once the flaw is triggered, the attacker can log in as any user from any Entra ID tenant, potentially obtaining full access to that tenant\u2019s resources."}}}}, "created": "2026-03-12T09:56:43.924461+00:00", "updated": "2026-03-20T15:29:18.519267+00:00", "vendors": ["himmelblau-idm", "himmelblau-idm$PRODUCT$himmelblau"]}