Description
Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.
Published: 2026-05-12
Score: 9.1 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from an incorrect implementation of the authentication algorithm in the Microsoft SSO Plugin for Jira and Confluence. An attacker who can reach the authentication flow can manipulate the process and gain higher privileges than intended, allowing unauthorized access to protected resources over the network.

Affected Systems

The flaw affects Microsoft’s Confluence SAML SSO plugin and JIRA SAML SSO plugin. No specific version information is supplied, so all deployments of these plugins are potentially impacted until a patch is applied.

Risk and Exploitability

The CVSS score is 9.1, indicating a high severity. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog. The likely attack path involves network‑based interaction with the authentication component, where a remote attacker can forge or tamper with authentication assertions to elevate privileges.

Generated by OpenCVE AI on May 12, 2026 at 20:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Microsoft security update for the Confluence SAML SSO plugin and the JIRA SAML SSO plugin using the Microsoft Security Response Center update guide
  • Restrict or audit SSO configurations to enforce least‑privilege access until the patch is deployed
  • Disable the SSO plugin and revert to manual or alternative authentication until the patch becomes available

Generated by OpenCVE AI on May 12, 2026 at 20:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 12 May 2026 17:30:00 +0000

Type Values Removed Values Added
Description Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.
Title Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft confluence Saml Sso Plugin
Microsoft jira Saml Sso Plugin
Weaknesses CWE-303
CPEs cpe:2.3:a:microsoft:confluence_saml_sso_plugin:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:jira_saml_sso_plugin:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft confluence Saml Sso Plugin
Microsoft jira Saml Sso Plugin
References
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Confluence Saml Sso Plugin Jira Saml Sso Plugin
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-13T03:57:32.000Z

Reserved: 2026-04-16T19:12:36.195Z

Link: CVE-2026-41103

cve-icon Vulnrichment

Updated: 2026-05-12T18:57:42.904Z

cve-icon NVD

Status : Received

Published: 2026-05-12T18:17:21.887

Modified: 2026-05-12T18:17:21.887

Link: CVE-2026-41103

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T20:45:23Z

Weaknesses