PT-2026-40242 · Microsoft · SSO Plugin for Jira & Confluence
Published 2026-05-12 · Updated 2026-05-25 · CVE-2026-41103
CVSS v2.0: 9.4 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions
Microsoft SSO Plugin for Jira & Confluence (affected versions not specified)
Description
An incorrect implementation of the authentication algorithm allows an unauthorized attacker to forge login responses and bypass Entra ID. This enables the attacker to impersonate any user and elevate privileges over a network. Millions of Atlassian organizations are potentially exposed.
Recommendations
Apply the May 2026 Patch Tuesday updates.
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
SSO Plugin for Jira & Confluence