Microsoft has fixed CVE-2026-50684, a cross-site scripting vulnerability in Active Directory Federation Services that can let an authenticated attacker spoof content presented through an AD FS web flow. The flaw carries a CVSS 3.1 score of 4.8, placing it in the Medium severity band, but its...