🟠 High | Source: Microsoft Security Response Center
CVE-2026-50647 is a Denial of Service vulnerability affecting Microsoft’s Active Directory Federation Services (AD FS). A successful exploit could allow an attacker to disrupt authentication services, potentially rendering federated identity and single sign-on capabilities unavailable. This is particularly significant for organisations relying on AD FS for hybrid identity scenarios connecting on-premises environments to Azure and Microsoft 365.
Security Architect’s Take: Review your AD FS infrastructure and apply the relevant patches listed in the updated Software Update table immediately; additionally, consider whether your architecture can shift federated authentication workloads to Azure AD (Entra ID) native authentication to reduce reliance on AD FS as an attack surface.
Original advisory: CVE-2026-50647 Active Directory Federation Server Denial of Service Vulnerability