CVE-2026-33843

CRITICAL

Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network.

CVSS v3.1 Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Complexity

LOW

Privileges

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Published: 5/22/2026Modified: 5/27/2026

Related Intelligence (1)

CRITICALVulnerability

NVD CRITICAL: CVE-2026-33843 — Authentication bypass using an alternate path or channel in Microsoft Azure Acti...

Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-33843

May 22, 2026NIST NVD

References (1)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33843Vendor Advisory