| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| CVE-2026-41103 | Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability | Microsoft JIRA, Microsoft Confluence | Critical | 29-05-2026 |
Technical Information
An unauthorized attacker could exploit an incorrect authentication algorithm implementation in the Microsoft SSO Plugin for Jira & Confluence to elevate privileges over the network by sending a specially crafted SSO response that forges a valid user identity and bypasses Microsoft Entra ID authentication.
Patch release date: May 12, 2026
Further information on this vulnerability is available at : CVE-2026-41103
Affected Software
Microsoft JIRA SAML SSO plugin,Microsoft Confluence SAML SSO plugin