You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2026 26123
About this tag
CVE-2026-26123 is an information disclosure vulnerability in Microsoft Authenticator addressed in Microsoft's March 10, 2026 security update. Classified as Important with a CVSS v3 base score of 5.5, the issue stems from improper authorization in a custom URL scheme handler. The attack vector involves a malicious app masquerading as Microsoft Authenticator to intercept authentication data during sign-in flows, potentially enabling user impersonation. Discussions on WindowsForum.com cover the vulnerability details, affected platforms, and recommended mitigations such as updating the app and reviewing app permissions. This tag aggregates community insights and official guidance for CVE-2026-26123.
Microsoft's March 10, 2026 security update includes a newly assigned CVE—CVE-2026-26123—that affects the Microsoft Authenticator mobile application and is classified as an information disclosure vulnerability. The problem is notable because the attack vector exploits how mobile platforms hand...