CVE-2026-41103

Daily digests

The Microsoft SSO Plugin for Jira and Confluence has a broken authentication implementation that lets an unauthenticated attacker escalate privileges remotely. CVSS 9.1. If you use this plugin to federate Atlassian logins through Microsoft, an attacker could bypass auth entirely and gain elevated access to your Jira or Confluence instance.

• Patch Tuesday · May 13, 2026

  Patch Tuesday May 2026: DNS + Netlogon at 9.8, 19 more