PatchSiren cyber security CVE debrief
CVE-2026-47655 Microsoft CVE debrief
CVE-2026-47655 is a MEDIUM-severity vulnerability (CVSS Score: 6.5) that involves the exposure of sensitive information to an unauthorized actor in Microsoft Graph. An authorized attacker can exploit this vulnerability to disclose information over a network. The vulnerability was published on 2026-06-04T23:17:32.530Z and last modified on 2026-06-05T14:59:51.620Z.
- Vendor
- Microsoft
- Product
- Microsoft Graph
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-05
Who should care
Users of Microsoft Graph should be aware of this vulnerability and take necessary precautions to protect their sensitive information.
Technical summary
The vulnerability has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N and is classified under CWE-200. The vulnerability's status is Awaiting Analysis.
Defensive priority
MEDIUM
Recommended defensive actions
- Review and apply patches from Microsoft as they become available.
- Implement network segmentation and access controls to limit the attack surface.
- Monitor and audit network activity for suspicious behavior.
Evidence notes
The vendor is identified as Unknown Vendor with low confidence, and the product name is not specified. However, there is evidence suggesting that the vendor might be Microsoft.
Official resources
-
CVE-2026-47655 CVE record
CVE.org
-
CVE-2026-47655 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-47655 was published on 2026-06-04T23:17:32.530Z and last modified on 2026-06-05T14:59:51.620Z.