{"vulnerability": "CVE-2026-42901", "sightings": [{"uuid": "06ea8f73-dbe7-47ed-8378-2e4bf1ad1a34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42901", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1886", "content": "", "creation_timestamp": "2026-05-21T21:00:00.000000Z"}, {"uuid": "d9cc110e-bf2c-4a1d-8f7b-9c6580341681", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42901", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mmi5exmxxb2y", "content": "CRITICAL: Microsoft Entra origin validation bug (CVSS 10) lets attackers escalate privileges remotely. Patch ASAP \u2014 fix from Microsoft: https://radar.offseq.com/threat/cve-2026-42901-cwe-346-origin-validation-error-in--0744f928 #OffSeq #MicrosoftEntra #VulnAlert", "creation_timestamp": "2026-05-23T00:00:40.422100Z"}, {"uuid": "948d8ad5-f0b3-4c36-a45c-705aa75b08c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42901", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116620947334687576", "content": "\u26a0\ufe0f CRITICAL: CVE-2026-42901 in Microsoft Entra (CVSS 10) enables remote privilege escalation via origin validation error. Patch now to prevent full system compromise! Fix: https://radar.offseq.com/threat/cve-2026-42901-cwe-346-origin-validation-error-in--0744f928 #OffSeq #MicrosoftEntra #Vulnerability #Cybersecurity", "creation_timestamp": "2026-05-23T00:00:41.120035Z"}, {"uuid": "dfa6a8f6-5ea0-404d-b604-e96ef2cd179e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42901", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmijmsbf2r2p", "content": "CVE-2026-42901 - Microsoft Entra ID Elevation of Privilege Vulnerability\nCVE ID : CVE-2026-42901\n \n Published : May 22, 2026, 10:04 p.m. | 2\u00a0hours, 26\u00a0minutes ago\n \n Description : None\n \n Severity: 10.0 | CRITICAL\n \n Visit the link for more details, such as CVSS details, affec...", "creation_timestamp": "2026-05-23T03:39:46.395036Z"}, {"uuid": "07c58898-87a6-4dce-a3df-c3ebe3ba466a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42901", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mmtmulazca2q", "content": "\ud83d\udccc CVE-2026-42901 - Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network. https://www.cyberhub.blog/cves/CVE-2026-42901", "creation_timestamp": "2026-05-27T13:37:06.224673Z"}]}