Executive Summary
CVE-2026-35431 is a perfect-10 CVSS critical Server-Side Request Forgery (SSRF) vulnerability discovered in Microsoft Entra ID Entitlement Management, disclosed on April 23, 2026. An unauthenticated remote attacker can exploit this flaw to forge server-side requests — enabling spoofing attacks, internal network probing, and potential data exfiltration from the identity and access management plane. Microsoft has already patched this in their cloud-hosted service and states no customer action is required to resolve the vulnerability itself; however, organizations should immediately audit logs for signs of prior exploitation and harden their Entra ID posture.
1. What Is This Vulnerability?
CVE-2026-35431 is a Server-Side Request Forgery (SSRF) flaw residing in the Entitlement Management component of Microsoft Entra ID (formerly Azure Active Directory). Entitlement Management is an identity governance feature that automates access request workflows, access packages, and policy-driven provisioning of resources.
An SSRF vulnerability occurs when a server-side application fetches a remote resource based on a URL or network location supplied (directly or indirectly) by an attacker — without adequate validation. In this case, the Entitlement Management service processes user-supplied or attacker-controlled external resource identifiers without sufficient sanitization.
CVSS v3.1 Breakdown:
| Metric | Value |
|---|---|
| Attack Vector | Network (AV:N) |
| Attack Complexity | Low (AC:L) |
| Privileges Required | None (PR:N) |
| User Interaction | None (UI:N) |
| Confidentiality | High (C:H) |
| Integrity | High (I:H) |
| Availability | High (A:H) |
| CVSS Score | 10.0 — Critical |
Attack Vector
An unauthenticated attacker crafts a specially formed HTTP request targeting a publicly exposed Entra ID Entitlement Management endpoint. By supplying a malicious URL or resource identifier (pointing to an internal Microsoft cloud infrastructure endpoint, an attacker-controlled server, or metadata APIs), the attacker coerces the Entra ID backend service into making outbound HTTP requests on the attacker's behalf.
The typical SSRF exploitation chain for cloud IAM services follows this pattern:
```text
Attacker → Crafted Request (malicious URL param)
        ↓
Entra ID Entitlement Management Service
        ↓
Outbound request to attacker-controlled host
  OR internal cloud metadata/management APIs
        ↓
Attacker receives sensitive responses:
  - OAuth tokens / service credentials
  - Internal service responses
  - Cloud metadata (instance info, managed identity tokens)
```
In cloud-hosted identity systems, SSRF is particularly dangerous because the backend service often runs with elevated privileges and has access to internal APIs (e.g., Azure Instance Metadata Service at 169.254.169.254, Azure Resource Manager endpoints) that are inaccessible from the public internet.
Real-World Impact
SSRF vulnerabilities in cloud identity services have historically led to catastrophic outcomes:
- Credential theft via IMDS: Attackers route SSRF payloads to `http://169.254.169.254/metadata/identity/oauth2/token` to steal managed identity access tokens, gaining control of Azure subscriptions.
- Lateral movement: With identity tokens in hand, attackers enumerate and access Azure resources (storage accounts, Key Vault secrets, databases) across the tenant.
- Identity spoofing: The stated CWE for this CVE involves spoofing — an attacker may forge entitlement requests, impersonate identities within access packages, or manipulate access reviews.
- Data exfiltration: Access package configurations, user assignments, policy definitions, and connected resource credentials may be accessible via forged internal requests.
No public proof-of-concept or confirmed exploitation in the wild has been disclosed as of April 24, 2026.
2. Who Is Affected?
| Category | Details |
|---|---|
| Product | Microsoft Entra ID — Entitlement Management feature |
| Deployment | Cloud-hosted (Microsoft Azure / Entra ID SaaS) |
| On-Premises | Not applicable — Entitlement Management is cloud-only |
| Authentication Required | None — unauthenticated exploitation |
| Who Is at Risk | Any organization using Microsoft Entra ID with Entitlement Management enabled |
| Tenants at Risk | Microsoft 365, Azure AD P2, and Entra ID Governance license holders |
Any organization that uses Entra ID Entitlement Management (access packages, connected organizations, catalogs) was theoretically exposed prior to Microsoft's server-side fix. The severity is maximum because no authentication, privileges, or victim interaction is required.
3. How to Detect It (Testing)
Since Microsoft has already patched the underlying cloud service, direct exploitation testing against production is neither recommended nor useful. The detection focus should be on forensic log review to determine if exploitation occurred before the patch, plus posture testing to confirm your Entra ID configuration reduces future blast radius.
Manual Log Review — Entra ID Audit Logs
The primary signal for SSRF exploitation in Entitlement Management will appear in Entra ID audit and sign-in logs.
Step 1: Access Entra ID Audit Logs
- Azure Portal → Microsoft Entra ID → Monitoring → Audit logs
- Filter: Service = "Entitlement Management"
- Date Range: Last 30 days (extend to 90 days if available)
Step 2: Hunt for Anomalous Entitlement Management Activity
Look for the following suspicious patterns:
- Access package requests from unexpected IP addresses or geolocations
- Requests with unusually long or malformed `requestorId`, `justification`, or `answers` fields
- Bulk access requests in short time windows
- Policy evaluations triggered without corresponding user sign-in events
- Connected organization requests referencing unexpected external tenants
Step 3: Review Microsoft Entra ID Protection Risk Detections
- Azure Portal → Microsoft Entra ID → Protection → Risky sign-ins
- Filter by: Risk level = High, Medium
- Look for: Anomalous Token, Unfamiliar sign-in properties, Suspicious browser
Step 4: Check Managed Identity and Service Principal Activity
- Azure Portal → Microsoft Entra ID → Monitoring → Sign-in logs
- Filter: Application = Internal Entra ID services
- Look for: Unusual token issuance to unexpected resources
Automated Scanning
Tool: Microsoft Sentinel — Entra ID-Connected Log Analytics
```kusto
// KQL Query: Detect anomalous Entitlement Management operations
// The initiating user's source IP lives in InitiatedBy.user.ipAddress;
// AdditionalDetails is a key/value list whose first entry is not guaranteed to be an IP
AuditLogs
| where TimeGenerated > ago(30d)
| where LoggedByService == "Entitlement Management"
| where OperationName in (
    "Request access package assignment",
    "Add connected organization",
    "Update access package policy"
  )
| extend RequestorIP = tostring(InitiatedBy.user.ipAddress)
| summarize count() by OperationName, RequestorIP, bin(TimeGenerated, 1h)
| where count_ > 20
| order by count_ desc
```
Tool: Microsoft Defender for Cloud — Identity Recommendations
- Navigate to: Defender for Cloud → Recommendations → Identity and Access
- Look for: "Enable MFA for accounts with read permissions on your subscription"
- Review: Entitlement Management overprivileged role assignments
Tool: Entra ID Access Reviews (built-in)
- Azure Portal → Identity Governance → Access reviews
- Create review for: All access packages with high-sensitivity resources
- Reviewers: Resource owners
- Frequency: Weekly (temporarily, during incident response)
Code Review Checklist
If your organization has custom applications that integrate with the Entra ID Entitlement Management API, review them for compounding SSRF risk:
- Verify no user-supplied URLs are passed directly to `https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/*` endpoints
- Confirm all callback URLs in access package policies are validated against an allowlist
- Check that `connectedOrganization` `identitySources` values are not constructed from user input
- Ensure OAuth redirect URIs for entitlement workflows are statically registered, not dynamically generated
- Verify webhook or notification endpoints in catalog policies are not user-modifiable
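A defensive check for the callback and webhook items above, added here as an example (it is not Microsoft's code nor code from the original page): it accepts only `https` URLs whose host exactly matches an allowlist, and rejects IP-literal hosts such as the IMDS address, credentials embedded in the authority, non-standard ports, and lookalike hostnames. The allowlisted hostnames are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist: replace with the hosts your integration actually calls back to
ALLOWED_HOSTS = {"hooks.example.internal", "approvals.example.com"}


def is_allowed_callback(url, allowed_hosts=ALLOWED_HOSTS):
    """Return True only for https URLs whose host is exactly on the allowlist.

    Every other shape is refused: non-https schemes, userinfo in the authority
    (host@target tricks), IP-literal hosts (covers 169.254.169.254 and other
    internal addresses), ports other than 443, and hostnames that merely
    contain an allowlisted name as a prefix or suffix.
    """
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme != "https":
        return False
    if parts.username is not None or parts.password is not None:
        return False
    host = parts.hostname  # already lowercased by urlsplit
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return False  # IP literals are never acceptable as callback hosts
    except ValueError:
        pass
    try:
        if parts.port not in (None, 443):
            return False
    except ValueError:  # non-numeric or out-of-range port
        return False
    return host in allowed_hosts
```

Store the validated URL, not the raw input, and re-run the check when the policy is later edited so an allowlist change cannot leave stale entries behind.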
4. How to Fix It (Mitigation)
Step-by-Step Remediation
Microsoft has confirmed the vulnerability requires no customer action to remediate the core SSRF flaw — the patch was deployed server-side to the Entra ID cloud service. However, organizations should take the following steps:
- Confirm patch deployment awareness. Log in to the Microsoft Security Response Center (MSRC) and verify your tenant is covered: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35431
- Perform forensic log review (see Detection section above) to establish whether exploitation occurred in your tenant prior to the patch.
- Rotate credentials for high-value identities connected to Entitlement Management:
  - Service principal secrets and certificates used by catalog-connected resources
  - Application client secrets for apps registered in access package policies
  - API keys stored in Key Vault secrets accessible to Entra ID managed identities
- Review and tighten Entitlement Management policies:
  - Remove or disable unused connected organizations
  - Restrict access package requestor scope to internal users only unless external access is explicitly required
  - Enable approval workflows for all access packages touching sensitive resources
- Enable Privileged Identity Management (PIM) for all roles with Entitlement Management administrative access:
  - Identity Governance Administrator
  - Access Package Manager
  - Catalog Owner
- Verify Conditional Access policies cover all service principals and workload identities used by Entitlement Management workflows.
Configuration Hardening
Entra ID → Identity Governance → Entitlement Management → Settings
Recommended settings:
- ✅ Require justification for access package requests
- ✅ Require approval for all external (connected org) access requests
- ✅ Enable access reviews on all packages (quarterly minimum)
- ✅ Set maximum access duration limits on all packages
- ✅ Enable "Separation of duties" checks where available
- ❌ Disable: "Allow external users to request access" unless explicitly needed
- ❌ Disable: Automatic assignment policies for high-privilege resource roles
Privileged Identity Management (PIM) Hardening
```powershell
# Verify the Identity Governance roles are exposed through the PIM (aadRoles) provider
# Requires the AzureADPreview module (Install-Module AzureADPreview); run in
# Azure Cloud Shell or a local PowerShell session with that module loaded
Connect-AzureAD
$tenantId = (Get-AzureADTenantDetail).ObjectId
$governanceRoles = @(
    "Identity Governance Administrator",
    "Access Package Manager",
    "Catalog Owner"
)
foreach ($role in $governanceRoles) {
    # Note: Access Package Manager and Catalog Owner are catalog-scoped entitlement
    # management roles rather than directory roles, so the aadRoles provider may
    # return nothing for them; review those assignments in Identity Governance instead
    $roleDefinition = Get-AzureADMSPrivilegedRoleDefinition `
        -ProviderId "aadRoles" `
        -ResourceId $tenantId `
        -Filter "displayName eq '$role'"
    Write-Output "Role: $role"
    # A non-null ExternalId means PIM returned a definition for this role;
    # eligible vs. permanent assignments still need to be reviewed in the PIM blade
    $pimVisible = ($null -ne $roleDefinition) -and ($null -ne $roleDefinition.ExternalId)
    Write-Output "PIM Enabled: $pimVisible"
    Write-Output "---"
}
```
5. How to Test the Fix (Validation)
Regression Test Scenarios
- Scenario A: Verify Entitlement Management access package workflows operate normally after Microsoft's patch (request → approval → assignment flow).
- Scenario B: Confirm that anomalous or malformed access package requests are rejected with appropriate HTTP 400/403 responses and generate audit log entries.
- Scenario C: Validate that all legitimate connected organization workflows (cross-tenant access) continue to function correctly.
Security Test Cases
Test Case 1: Verify No Unauthorized SSRF Vector Remains
- Precondition: Microsoft patch applied (server-side, no customer action needed)
- Steps: Submit access package requests with URL-like strings in `justification`, `answers`, and custom attribute fields
- Expected Result: Requests either succeed normally (field ignored) or fail validation; no outbound server-side HTTP requests to attacker-controlled URLs
- Verification: Check Entra ID audit logs for any unusual outbound activity
Test Case 2: Confirm Audit Logging Is Functioning
- Precondition: Log Analytics workspace connected to Entra ID diagnostic settings
- Steps: Perform a normal access package request as a test user
- Expected Result: Event appears in AuditLogs table within 15 minutes
- Command:
```kusto
AuditLogs
| where TimeGenerated > ago(1h)
| where LoggedByService == "Entitlement Management"
| where tostring(InitiatedBy.user.userPrincipalName) == "testuser@yourdomain.com"
```
Test Case 3: PIM Activation Requirement Enforced
- Precondition: PIM configured for the `Identity Governance Administrator` role
- Steps: Attempt to modify an access package policy without activating the PIM role
- Expected Result: Operation denied with insufficient privileges error
Automated Tests
```python
# Automated Entra ID Entitlement Management Security Validation
# Requires: azure-identity, msgraph-sdk (the msgraph-sdk-python package)
# Graph permissions: EntitlementManagement.Read.All, AccessReview.Read.All
import asyncio

from azure.identity import DefaultAzureCredential
from msgraph import GraphServiceClient


async def validate_entitlement_management_security():
    """Validates key security controls in Entra ID Entitlement Management."""
    credential = DefaultAzureCredential()
    client = GraphServiceClient(credential)
    results = {}
    em = client.identity_governance.entitlement_management

    # Test 1: Check access packages require approval for new assignment requests
    access_packages = await em.access_packages.get()
    packages_without_approval = []
    for pkg in access_packages.value or []:
        policies = await em.access_packages.by_access_package_id(pkg.id).assignment_policies.get()
        for policy in policies.value or []:
            approval = policy.request_approval_settings
            # No approval settings, or isApprovalRequiredForAdd == False, means a
            # new request can be granted without human review
            if approval is None or not approval.is_approval_required_for_add:
                packages_without_approval.append(pkg.display_name)
                break
    results["packages_without_approval"] = packages_without_approval

    # Test 2: Check for external connected organizations
    connected_orgs = await em.connected_organizations.get()
    results["connected_org_count"] = len(connected_orgs.value or [])
    results["connected_orgs"] = [org.display_name for org in connected_orgs.value or []]

    # Test 3: Check access reviews are configured and currently running
    access_reviews = await client.identity_governance.access_reviews.definitions.get()
    results["active_access_reviews"] = len(
        [r for r in access_reviews.value or [] if r.status == "inProgress"]
    )

    print("=== Entitlement Management Security Validation ===")
    print(f"Packages without approval workflows: {len(results['packages_without_approval'])}")
    if results["packages_without_approval"]:
        print(f"  ⚠️ At-risk packages: {', '.join(results['packages_without_approval'])}")
    print(f"Connected Organizations: {results['connected_org_count']}")
    print(f"Active Access Reviews: {results['active_access_reviews']}")
    return results


if __name__ == "__main__":
    asyncio.run(validate_entitlement_management_security())
```
6. Prevention & Hardening
Best Practices
- Adopt Zero Trust for Identity Governance. Treat every access package assignment as potentially compromised. Implement time-bound access with mandatory expiration dates (maximum 90 days for sensitive resources, 30 days for privileged roles).
- Minimize Entitlement Management attack surface. Disable or remove connected organizations and external user access if not actively used. Each connected tenant is an additional trust boundary that can be manipulated.
- Implement Just-Enough-Access (JEA) for all catalog resources. Access packages should grant the minimum required permissions for the minimum required duration — enforce this programmatically via lifecycle workflows.
- Treat SSRF as a cloud-native risk, not just a web app risk. Cloud IAM services running with elevated managed identity permissions are high-value SSRF targets. Any service making outbound HTTP calls on behalf of user input should be treated as an SSRF risk vector.
- Enable Defender for Identity and Defender for Cloud Apps for behavioral anomaly detection across your Entra ID tenant, including Entitlement Management activity correlation.
Monitoring & Detection
Deploy these ongoing detection rules in Microsoft Sentinel or your SIEM:
```kusto
// Alert: Bulk access package requests from single IP (potential automation/abuse)
AuditLogs
| where LoggedByService == "Entitlement Management"
| where OperationName == "Request access package assignment"
| extend RequestorIP = tostring(InitiatedBy.user.ipAddress)
| summarize RequestCount = count() by RequestorIP, bin(TimeGenerated, 10m)
| where RequestCount > 10
| project TimeGenerated, RequestorIP, RequestCount
```
```kusto
// Alert: New connected organization added (potential tenant spoofing setup)
// Customize this allowlist with the display names of your known connected organizations
let known_trusted_orgs = dynamic(["<trusted connected org display name>"]);
AuditLogs
| where LoggedByService == "Entitlement Management"
| where OperationName == "Add connected organization"
| extend AddedOrg = tostring(TargetResources[0].displayName)
| where AddedOrg !in (known_trusted_orgs)
| project TimeGenerated, InitiatedBy, AddedOrg
```
Key Metrics to Track:
- Access package request volume per hour (baseline and alert on 3x deviation)
- New connected organization creations (should be rare; alert on any)
- Identity Governance Administrator role activations outside business hours
- Access package policy modifications (alert on changes to approval workflows)
- Failed access requests with anomalous justification field lengths (>500 chars)
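The Sentinel rules and key metrics above, together with the hunting patterns from Section 3 (bulk requests per IP in a 10-minute bin, over-long justification fields, connected organizations outside an allowlist), implemented as an added example over constructed records shaped like AuditLogs rows. This is not the page's or Microsoft's code; the `Justification` key inside AdditionalDetails and the trusted-org allowlist are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

BULK_THRESHOLD = 10                  # requests per source IP per 10-minute bin
MAX_JUSTIFICATION = 500              # characters; longer fields are anomalous
TRUSTED_ORGS = {"Contoso Partners"}  # constructed allowlist of connected orgs


def detect(records):
    """Return (rule, subject) findings for records shaped like AuditLogs rows."""
    findings, bins = [], Counter()
    for r in records:
        if r.get("LoggedByService") != "Entitlement Management":
            continue
        op = r.get("OperationName")
        ip = r.get("InitiatedBy", {}).get("user", {}).get("ipAddress", "unknown")
        ts = datetime.fromisoformat(r["TimeGenerated"])
        if op == "Request access package assignment":
            # Same bucketing as the KQL bin(TimeGenerated, 10m)
            bucket = ts.replace(minute=ts.minute - ts.minute % 10, second=0, microsecond=0)
            bins[(ip, bucket)] += 1
            # Assumption: justification is carried as an AdditionalDetails key/value pair
            just = next((d.get("value", "") for d in r.get("AdditionalDetails", [])
                         if d.get("key") == "Justification"), "")
            if len(just) > MAX_JUSTIFICATION:
                findings.append(("long_justification", ip))
        elif op == "Add connected organization":
            org = (r.get("TargetResources") or [{}])[0].get("displayName")
            if org not in TRUSTED_ORGS:
                findings.append(("untrusted_connected_org", org))
    for (ip, _bucket), n in bins.items():
        if n > BULK_THRESHOLD:
            findings.append(("bulk_requests", ip))
    return findings


def sample_records():
    """Constructed events: 12 requests from one IP within six minutes (the first
    with a 600-character justification) plus one unlisted connected org creation."""
    base = datetime(2026, 4, 24, 9, 0, 0)
    recs = [{
        "TimeGenerated": (base + timedelta(seconds=30 * i)).isoformat(),
        "LoggedByService": "Entitlement Management",
        "OperationName": "Request access package assignment",
        "InitiatedBy": {"user": {"ipAddress": "203.0.113.7"}},
        "AdditionalDetails": [{"key": "Justification", "value": "x" * (600 if i == 0 else 20)}],
    } for i in range(12)]
    recs.append({
        "TimeGenerated": (base + timedelta(minutes=7)).isoformat(),
        "LoggedByService": "Entitlement Management",
        "OperationName": "Add connected organization",
        "TargetResources": [{"displayName": "Unknown Tenant"}],
    })
    return recs
```

Feed `detect()` with rows exported from Log Analytics (or a diagnostic-settings stream) to replay the same logic offline against historical data when establishing whether exploitation occurred before the patch.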
Longer-Term Cloud IAM Hardening Recommendations
- Conduct quarterly Entra ID Governance reviews — audit all access packages, connected organizations, and catalog configurations.
- Integrate Entitlement Management with your SIEM via Diagnostic Settings → Log Analytics, ensuring `AuditLogs` and `SignInLogs` are retained for at least 90 days (1 year recommended for regulated industries).
- Implement Conditional Access policies that require compliant devices and MFA for all Entitlement Management administrative operations.
- Use Entra ID Workbook: Identity Governance to visualize entitlement management activity and spot anomalies.
- Subscribe to the Microsoft Security Response Center (MSRC) for real-time notifications on Entra ID vulnerabilities: https://msrc.microsoft.com/
References
- CVE Entry: CVE-2026-35431 — NVD
- Microsoft Advisory: MSRC — CVE-2026-35431
- Technical Analysis: Critical SSRF in Microsoft Entra ID Entitlement Management — TheHackerWire
- CVE Details: CVE-2026-35431 — Vulnerability-Lookup
- Entra ID Protection Docs: Investigate risk with Microsoft Entra ID Protection
- Entitlement Management Docs: What is Entitlement Management — Microsoft Learn
- Patch Tuesday Context: Microsoft April 2026 Patch Tuesday — Tenable