CVE-2026-41103
CRITICALMicrosoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability
Title source: cnaDescription
Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
patch
Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41103
Scores
CVSS v3
9.1
EPSS
0.0017
EPSS Percentile
38.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-303
Status
published
Products (4)
microsoft/confluence_saml_sso
< 7.4.0
microsoft/jira_saml_sso
< 1.3.3
Microsoft/Microsoft Confluence SAML SSO plugin
1.0.0 - 7.4.0
Microsoft/Microsoft JIRA SAML SSO plugin
1.0.0 - 1.3.3
Published
May 12, 2026
Tracked Since
May 12, 2026