**Name of the Vulnerable Software and Affected Versions:**

Microsoft Entra ID (formerly Azure Active Directory) (affected versions not specified)

**Description:**

A critical elevation of privilege vulnerability exists in Microsoft Entra ID, potentially allowing attackers to gain higher access through token manipulation. The vulnerability involves flaws in the authentication procedure, specifically related to Actor tokens and a bypass of tenant validation within the Azure AD Graph API. Exploitation could allow an attacker to gain Global Admin control over any tenant. There is no indication of widespread exploitation in the wild at the time of reporting.

**Recommendations:**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.