Microsoft Authenticator — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Authenticator, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2026-41615 — CVSS 9.6 (critical): Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose…
CVE-2026-26123 — CVSS 5.5 (medium): Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally.