{"vulnerability": "cve-2026-42901", "sightings": [{"uuid": "06ea8f73-dbe7-47ed-8378-2e4bf1ad1a34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42901", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1886", "content": "", "creation_timestamp": "2026-05-21T21:00:00.000000Z"}, {"uuid": "d9cc110e-bf2c-4a1d-8f7b-9c6580341681", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42901", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mmi5exmxxb2y", "content": "CRITICAL: Microsoft Entra origin validation bug (CVSS 10) lets attackers escalate privileges remotely. Patch ASAP \u2014 fix from Microsoft: https://radar.offseq.com/threat/cve-2026-42901-cwe-346-origin-validation-error-in--0744f928 #OffSeq #MicrosoftEntra #VulnAlert", "creation_timestamp": "2026-05-23T00:00:40.422100Z"}, {"uuid": "948d8ad5-f0b3-4c36-a45c-705aa75b08c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42901", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116620947334687576", "content": "\u26a0\ufe0f CRITICAL: CVE-2026-42901 in Microsoft Entra (CVSS 10) enables remote privilege escalation via origin validation error. Patch now to prevent full system compromise! Fix: https://radar.offseq.com/threat/cve-2026-42901-cwe-346-origin-validation-error-in--0744f928 #OffSeq #MicrosoftEntra #Vulnerability #Cybersecurity", "creation_timestamp": "2026-05-23T00:00:41.120035Z"}, {"uuid": "dfa6a8f6-5ea0-404d-b604-e96ef2cd179e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42901", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmijmsbf2r2p", "content": "CVE-2026-42901 - Microsoft Entra ID Elevation of Privilege Vulnerability\nCVE ID : CVE-2026-42901\n \n Published : May 22, 2026, 10:04 p.m. | 2\u00a0hours, 26\u00a0minutes ago\n \n Description : None\n \n Severity: 10.0 | CRITICAL\n \n Visit the link for more details, such as CVSS details, affec...", "creation_timestamp": "2026-05-23T03:39:46.395036Z"}, {"uuid": "07c58898-87a6-4dce-a3df-c3ebe3ba466a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42901", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mmtmulazca2q", "content": "\ud83d\udccc CVE-2026-42901 - Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network. https://www.cyberhub.blog/cves/CVE-2026-42901", "creation_timestamp": "2026-05-27T13:37:06.224673Z"}, {"uuid": "ca06eca0-9f6d-4553-b498-08d1dc496a08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42901", "type": "seen", "source": "https://bsky.app/profile/cyberowi.pl/post/3mn7xxa5lmo2g", "content": "\ud83d\udea8 Krytyczna luka w Entra ID (CVE-2026-42901): Eskalacja do admina\n\nLuka z ocen\u0105 CVSS 10.0 w Microsoft Entra ID umo\u017cliwia zdaln\u0105 eskalacj\u0119 uprawnie\u0144. Atakuj\u0105cy mo\u017ce przej\u0105\u0107 kontrol\u0119 nad\n\nhttps://cyberowi.pl/krytyczna-luka-w-entra-id-cve-2026-42901-eskalacja-do-admina/\n\n#cyberbezpieczenstwo", "creation_timestamp": "2026-06-01T11:27:22.615470Z"}, {"uuid": "01044c3d-d76f-4004-b8cc-4dccb54cc40d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42901", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3moj7m4amvr2t", "content": "\ud83d\udea8 HIGH: CVE-2026-42901\n\nCVSS 10.0/10\n\n\ud83d\udccb WHAT IT IS:\nOrigin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network.\n\n\ud83c\udfaf WHO'S AFFECTED:\n  \u2022 Entra Id\n\n\u2694\ufe0f HOW IT'S EXPLOITED:\nAttack: unknown vector\nImpact: varies\n\n\u2705 WHAT TO DO:\n  1. Check if you're ru", "creation_timestamp": "2026-06-17T21:03:28.618864Z"}, {"uuid": "39a83b6f-b793-4cef-b8ab-9a09324b25a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42901", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motndnitg22v", "content": "\ud83d\udea8  ALERT: CVE-2026-42901\n\nCVSS 10.0/10\n\n\ud83d\udccb WHAT IT IS:\nOrigin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network.\n\n\ud83c\udfaf WHO'S AFFECTED:\n  \u2022 Entra Id\n\n\u2694\ufe0f HOW IT'S EXPLOITED:\nAttack vector: unknown\nImpact: high impact on confidentiality, integrity, ", "creation_timestamp": "2026-06-22T00:35:55.066185Z"}]}