CVE-2026-31957:

Authentication bypass vulnerability in Himmelblau Azure Entra ID and Intune interoperability suite versions 3.0.0 to 3.1.0.

Score
A numerical rating that indicates how dangerous this vulnerability is.

10.0Critical

Published Date:Mar 11, 2026
CISA KEV Date:*No Data*
Industries Affected:20

Exploitability

Score:3.9
Attack Vector:NETWORK
Attack Complexity:LOW
Privileges Required:NONE
User Interaction:NONE
Scope:CHANGED

Impact

Score:6.0
Confidentiality Impact:HIGH
Integrity Impact:HIGH
Availability Impact:HIGH

Description Preview

Authentication bypass vulnerability in Himmelblau Azure Entra ID and Intune interoperability suite versions 3.0.0 to 3.1.0.

Overview

The vulnerability (CVE-2026-31957) affects Himmelblau versions 3.0.0 to 3.1.0. In deployments lacking a specified tenant domain configuration, Himmelblau's authentication mechanism becomes susceptible to abuse. The software can accept authentication attempts for any Entra ID domain by dynamically registering providers at runtime. While this feature is intended for initial or local bootstrap scenarios, it poses significant risks in remote authentication environments. The vulnerability has been assigned a CVSS v3.1 base score of 10.0, indicating critical severity. The attack vector is network-based, requires no privileges or user interaction, and can potentially lead to high impacts on confidentiality, integrity, and availability.

Remediation

To address this vulnerability, users should upgrade Himmelblau to version 3.1.0 or later, which contains a fix for this issue. Additionally, it is crucial to ensure that a tenant domain is always configured in the himmelblau.conf file, even when using versions prior to 3.1.0. This configuration step helps mitigate the risk by properly scoping authentication to a specific tenant. Organizations using Himmelblau should review their deployments, particularly in remote authentication scenarios, to ensure they are not exposed to this vulnerability.