🟠 High  |  Source: Microsoft Security Response Center


CVE-2026-50355 is a Denial of Service vulnerability affecting Windows Active Directory Federation Services (AD FS), a widely used authentication and identity federation component in Microsoft and Azure environments. The latest update revises product information in the software update table, representing an informational change rather than a new patch or changed severity. Organisations relying on AD FS for federated identity — including hybrid Azure AD deployments — should review their exposure to service disruption.

Security Architect’s Take: Review your AD FS infrastructure to confirm all relevant patches from the original advisory are applied, and validate that your AD FS endpoints are not directly internet-exposed without appropriate WAF or proxy protections to reduce DoS attack surface.

Original advisory: CVE-2026-50355 Windows Active Directory Federation Services Denial of Service Vulnerability