Microsoft Authenticator’s Unclaimed Deep Link: A Full Account Takeover Story (CVE-2026–26123)

infosecwriteups.com · Khaled Mohamed · 7 days ago · research

quality 9/10 · excellent

0 net

Tags

account-takeover bug-bounty cve microsoft

Entities

CVE-2026-26123

When your authentication app becomes the weakest link: How an unclaimed deep link exposed millions of Microsoft accounts

Continue reading on InfoSec Write-ups »

← Back to stories