HIGH
himmelblau-idm
CVE published 2026-05-27
CVE-2026-45108
CVE-2026-45108 is a HIGH-severity authentication bypass vulnerability in Himmelblau, an interoperability suite for Microsoft Azure Entra ID and Intune. The flaw exists in the Device Authorization Grant (DAG) flow's token_validate function, which improperly validates user identity by comparing only domain aliases rather than complete usernames. This allows any authenticated user within the same Entra ID do [truncated]