CVE-2021-36949

HIGH

Microsoft Azure Active Directory Connect 1.3.20.0-1.6.11.3 - Authentication Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-36949. PoCs published by Maxwitat.

AI-analyzed exploit summary This PowerShell script checks if the installed Azure AD Connect version is vulnerable to CVE-2021-36949 by querying the global settings and comparing the version number. It also checks if AutoUpgrade is enabled but does not exploit the vulnerability.

Description

Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability

Exploits (1)

nomisec SCANNER 3 stars
by Maxwitat · poc
https://github.com/Maxwitat/Check-AAD-Connect-for-CVE-2021-36949-vulnerability

This PowerShell script checks if the installed Azure AD Connect version is vulnerable to CVE-2021-36949 by querying the global settings and comparing the version number. It also checks if AutoUpgrade is enabled but does not exploit the vulnerability.

Classification
Scanner 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Azure AD Connect versions 1.6.4.0 and 2.0.3.0
Auth required
Prerequisites: Access to the server where Azure AD Connect is installed · PowerShell execution privileges
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 7.1
EPSS 0.0120
EPSS Percentile 64.4%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-287
Status published
Products (2)
microsoft/azure_active_directory_connect 1.3.20.0 - 1.6.11.3
microsoft/azure_active_directory_connect_provisioning_agent < 1.1.582.0
Published Aug 12, 2021
Tracked Since Feb 18, 2026