Microsoft Authenticator Flaw Could Leak Login Codes
By 0xSnow on March 13, 2026
Microsoft Authenticator Flaw Could Leak Login Codes
A newly disclosed vulnerability in Microsoft Authenticator could expose one time sign in codes or authentication deep links to a malicious app installed on the same mobile device. The issue, tracked as CVE-2026-26123, affects both Android and iOS and was published on March 10, 2026. Public CVE data rates the flaw as Medium severity with a CVSS 3.1 score of 5.5, and classifies it as a local attack that requires user interaction. The weakness is tied to CWE-939, which covers improper authorization in handlers for custom URL schemes.
Microsoft Authenticator is widely used to generate time based one time passcodes and process sign in links or QR based logins for Microsoft and other accounts. Deep links are specially structured URIs that open an app directly and trigger a specific action, such as completing a login. Because the app is commonly used on personal phones, including BYOD devices connected to business services, the impact could extend beyond consumer accounts into corporate environments.
CVE Snapshot
| Item | Details |
|---|---|
| CVE | CVE-2026-26123 |
| Product | Microsoft Authenticator |
| Platforms | Android and iOS |
| Severity | Medium |
| CVSS | 5.5 |
| Attack Vector | Local |
| User Interaction | Required |
| Weakness | CWE-939 |
| Main Risk | Disclosure of sign in data or one time codes |
The available advisories show that exploitation is not automatic. A victim would first need to install a rogue app and then accidentally allow that app to handle a sign in deep link. If that happens, the malicious app may receive the one time code or sign in information and use it to complete authentication as the victim. From there, an attacker could reach email, files, cloud apps, or even production systems tied to the compromised account. Malwarebytes also warns that attackers may pivot to additional accounts protected by codes delivered through the same device.
What Users Should Do
The fix is already included in current releases. According to the CVE record, affected versions include Microsoft Authenticator for Android 6.0.0 through before 6.2511.7533 and Microsoft Authenticator for iOS 6.0.0 through before 6.8.40. Users should update the app immediately through Google Play or the App Store. If updating is not possible right away, avoid newly installed apps that ask to handle authentication links, verify that Microsoft Authenticator is the selected handler for login prompts, and use trusted anti malware protection on mobile devices.
| Prevention Step | Why It Matters |
|---|---|
| Update Microsoft Authenticator immediately | Installs the vendor fix for CVE-2026-26123 |
| Avoid unknown or newly installed apps | Reduces the chance of a rogue app intercepting sign in data |
| Check which app opens sign in links | Helps ensure Microsoft Authenticator handles the authentication flow |
| Be careful with QR based logins | Prevents accidental redirection to a malicious handler |
| Use mobile security protection | Can help flag suspicious apps on the device |
| Review installed apps regularly | Helps remove software that could abuse authentication links |
Latest News
BlackSanta Malware A Stealthy Threat Targeting Recruiters and HR Teams
By 0xSnow on March 12, 2026
Microsoft Unveils “Project Helix”- A Next-Gen Xbox Merging Console and PC Gaming
By 0xSnow on March 6, 2026
Free Email Lookup Tools and Reverse Email Search Resources
By 0xSnow on March 6, 2026
How AI Puts Data Security at Risk
By 0xSnow on December 13, 2025
The Evolution of Cloud Technology: Where We Started and Where We’re Headed
By 0xSnow on December 9, 2025
.jpg "The Evolution of Online Finance Tools In a Tech-Driven World")
The Evolution of Online Finance Tools In a Tech-Driven World
By 0xSnow on December 9, 2025
A Complete Guide to Lenso.ai and Its Reverse Image Search Capabilities
By 0xSnow on December 8, 2025
%20Works.jpg "How Web Application Firewalls (WAFs) Work")
How Web Application Firewalls (WAFs) Work
By 0xSnow on November 3, 2025
How to Send POST Requests Using curl in Linux
By 0xSnow on November 3, 2025
Related Posts