Zero Day Monitor (ZDM)
9.1
CVE-2026-41103 · EXPLOITED · PATCHED
Microsoft · Microsoft Confluence SAML SSO plugin

Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability

Description

Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.

Affected Products

Vendor | Product | Versions
Microsoft | Microsoft Confluence SAML SSO plugin | 1.0.0, 1.0.0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
microsoft | microsoft jira saml sso plugin | mitre_affected | 90%

References

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41103 (vendor-advisory, patch)

Related News (3 articles)

Tier C · Qualys Blog · 3h ago
Microsoft and Adobe Patch Tuesday, May 2026 Security Update Review
→ No new info (linked only)

Tier C · VulDB · 5h ago
CVE-2026-41103 | Microsoft Confluence SAML SSO Plugin/JIRA SAML SSO Plugin prior 1.3.3 incorrect implementation of authentication algorithm
→ No new info (linked only)

Tier A · Microsoft MSRC · 9h ago
CVE-2026-41103 Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability
→ No new info (linked only)

CVSS 3.1: 9.1 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
CISA KEV: ❌ No
Actively exploited: ✅ Yes
Patch available: 7.4.0, 1.3.3
CWE: CWE-303
Published: May 12, 2026
Last enriched: 4h ago (v3)
Tags: elevation of privilege
Trending Score: 79
Source articles: 3
Independent: 3
Info Completeness: 10/14
Missing: epss, kev, iocs, mitre_attack

Related CVEs (5)

CRITICAL · CVE-2026-33844 · EXP
Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability
Trending: 76

HIGH · CVE-2026-26129 · EXP
M365 Copilot Information Disclosure Vulnerability
Trending: 75

CRITICAL · CVE-2026-33109 · EXP
Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability
Trending: 73

CRITICAL · CVE-2026-42898 · EXP
Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Trending: 73

CRITICAL · CVE-2026-42831 · EXP
Microsoft Office Remote Code Execution Vulnerability
Trending: 72

Verification

State: verified
Confidence: 0%

Vulnerability Timeline

CVE Published: May 12, 2026
Discovered by ZDM: May 12, 2026
Updated: description, exploitAvailable, activelyExploited, tags: May 12, 2026
Updated: affectedVersions: May 12, 2026
Actively Exploited: May 12, 2026
Exploit Available: May 12, 2026
Patch Available: May 12, 2026

Version History

v3
Last enriched 4h ago
v3 · Tier C · 4h ago

Updated product to include JIRA SAML SSO Plugin, changed exploit availability to false, and provided a new description.

affectedVersions
via VulDB
v2 · Tier A · 6h ago

Updated description with technical details, marked exploit as available, and noted active exploitation along with a new tag for elevation of privilege.

description, exploitAvailable, activelyExploited, tags
via Microsoft MSRC
v1 · 6h ago

Initial creation