Description
Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.
Published: 2026-05-07
Score: 8.2 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An attacker can control an external resource reference that triggers a spoofing action within Microsoft Partner Center. This flaw permits unauthorized users to masquerade as legitimate entities in the platform, potentially leading to fraudulent transactions, data manipulation, and impersonation of partner accounts. The weakness maps to CWE-610, indicating improper restriction of external entity references. The vulnerability could compromise confidentiality, integrity, and availability of Partner Center operations.

Affected Systems

Microsoft Partner Center is affected, all current releases are vulnerable. No specific version list is provided, so administrators should verify all instances of Partner Center for potential impact.

Risk and Exploitability

The CVSS base score is 8.2, indicating high severity if exploited. The EPSS score is not available, but the lack of KEV listing suggests it has not yet been publicly exploited. The likely attack vector is remote over the network, exploiting the externally controllable resource reference. The impact would enable the attacker to gain privileges and impersonate legitimate partners, posing a significant risk to the integrity and trust of the platform.

Generated by OpenCVE AI on May 7, 2026 at 22:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Microsoft Partner Center update that addresses the external reference issue.
  • Restrict or remove external references to resources outside the Partner Center environment, ensuring strict validation of any external inputs.
  • Enable and configure network security monitoring to detect spoofing attempts, including logging authentication events and validating participant identities.

Generated by OpenCVE AI on May 7, 2026 at 22:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 07 May 2026 21:30:00 +0000

Type Values Removed Values Added
Description Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.
Title Microsoft Partner Center Spoofing Vulnerability
First Time appeared Microsoft
Microsoft partner Center
Weaknesses CWE-610
CPEs cpe:2.3:a:microsoft:partner_center:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft partner Center
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Partner Center
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-07T20:58:54.185Z

Reserved: 2026-03-26T21:02:16.445Z

Link: CVE-2026-34327

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-07T22:16:34.540

Modified: 2026-05-07T22:16:34.540

Link: CVE-2026-34327

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T23:00:07Z

Weaknesses