Microsoft Authenticator Information Disclosure Vulnerability

Vulnerability

A vulnerability in Microsoft Authenticator for both iOS and Android allows unauthorized actors to intercept sensitive information over the network. This issue could expose a sign-in access token for a user's work account, potentially granting access to the data and services that account is authorized to use, including sensitive organizational information.

Impact

Exploitation of this vulnerability could lead to unauthorized disclosure of information, specifically access tokens that could be used to access a user's work account data and services.

Remediation

Users of Microsoft Authenticator on Android must manually update the app to the latest version via the Google Play Store, unless they have automatic updates enabled. iOS users can download the latest version from the Apple App Store.

Added: May 14, 2026, 6:27 PM
Updated: May 14, 2026, 6:27 PM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 2.5
exploitability: 4.2
remediation: 7.7
relevance: 8.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.