🟠 High | Source: Microsoft Security Response Center
A server-side request forgery (SSRF) vulnerability in Microsoft Entra’s Provisioning Service (SyncFabric) allows an already-authenticated attacker to escalate their privileges over a network. Because the attack originates from within an authorised context, it could be exploited by a compromised account or malicious insider to gain elevated access to identity provisioning workflows. This is particularly concerning given Entra’s central role in managing user identities and access across cloud and hybrid environments.
Security Architect’s Take: Review audit logs in Microsoft Entra for anomalous provisioning activity or unexpected outbound requests from SyncFabric, and apply any available Microsoft patches immediately. Until patched, consider restricting network-level access to the provisioning service and enforcing least-privilege principles on accounts with provisioning roles.
Original advisory: CVE-2026-57100 Microsoft Entra Provisioning Service Elevation of Privilege Vulnerability