CVE-2026-26123

Summary

Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally.

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft Authenticator for Android6.0.0 < 6.2511.7533affected
MicrosoftMicrosoft Authenticator for IOS6.0.0 < 6.8.40affected

Weaknesses

  • CWE-939: CWE-939: Improper Authorization in Handler for Custom URL Scheme

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References