CVE-2026-32208

Severity CVSS v4.0:
Pending analysis
Type:
CWE-79 Cross-Site Scripting (XSS)
Publication date:
19/06/2026
Last modified:
01/07/2026

Description

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Entra ID allows an authorized attacker to perform spoofing over a network.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:microsoft:edge_chromium:-:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools