CVE-2026-31957

Name of the Vulnerable Software and Affected Versions Himmelblau versions 3.0.0 through 3.1.0

Description Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. If Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not limited to the intended tenant. In this scenario, Himmelblau can accept authentication attempts from any Entra ID domain through dynamic provider registration during runtime. This behavior is designed for initial or local setup but introduces risk in remote authentication environments. This can lead to tenant confusion attacks, potentially granting initial access.

Recommendations Versions 3.0.0 through 3.1.0 should be updated to version 3.1.0 or later.