CVE-2026-34182: Azure CMS AuthEnvelopedData Forgery Flaw
🟠 High | Source: Microsoft Security Response Center CVE-2026-34182 is a vulnerability in CMS (Cryptographic Message Syntax) AuthEnvelopedData processing that may allow an attacker to submit forged encrypted messages that are incorrectly accepted as valid. This undermines the integrity guarantees of authenticated encryption, potentially enabling an attacker to bypass message authentication checks. The flaw is particularly concerning in any Azure service or component that relies on CMS for secure message handling. ...