CVE-2026-50695
Received Received - Intake

Stack-based Buffer Overflow in Active Directory Federation Services

Vulnerability report for CVE-2026-50695, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Microsoft Corporation

Description

Stack-based buffer overflow in Active Directory Federation Services allows an unauthorized attacker to deny service over a network.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft active_directory_federation_services *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Detection Guidance

The provided context does not include specific detection methods or commands for identifying the stack-based buffer overflow vulnerability in Active Directory Federation Services (CVE-2026-50695) on a network or system.

To detect this vulnerability, you may need to rely on vendor-provided tools or updates. Microsoft may offer guidance or detection scripts through their security update resources. Monitoring network traffic for unusual patterns targeting Active Directory Federation Services could also help identify potential exploitation attempts.

Executive Summary

CVE-2026-50695 is a stack-based buffer overflow vulnerability in Microsoft's Active Directory Federation Services (AD FS). This flaw allows an unauthorized attacker to send specially crafted input over a network, causing a buffer overflow in the service.

A buffer overflow occurs when a program writes more data to a buffer than it can hold, corrupting adjacent memory. In this case, the overflow can crash the AD FS service, leading to a denial of service (DoS) condition.

The vulnerability does not require authentication (PR:N in the CVSS vector) and can be exploited remotely (AV:N), making it accessible to attackers over the internet.

Impact Analysis

This vulnerability can impact you in the following ways:

  • Denial of Service (DoS): An attacker can exploit this flaw to crash the Active Directory Federation Services, disrupting authentication and authorization services for applications relying on AD FS.
  • Service Outage: If AD FS is critical for your organization's single sign-on (SSO) or federated identity services, its unavailability can prevent users from accessing applications, leading to operational downtime.
  • Potential for Further Exploitation: While this CVE is currently described as a DoS vulnerability, buffer overflows can sometimes be leveraged for remote code execution (RCE) in other scenarios, though no such impact is confirmed here.
Compliance Impact

This vulnerability may affect compliance with common standards and regulations in the following ways:

  • GDPR: Under the General Data Protection Regulation (GDPR), organizations must ensure the availability and resilience of processing systems (Article 32). A successful DoS attack exploiting this vulnerability could disrupt services, potentially violating GDPR requirements if it leads to unauthorized access or loss of personal data due to system unavailability.
  • HIPAA: For organizations handling protected health information (PHI), HIPAA requires ensuring the confidentiality, integrity, and availability of electronic PHI (ePHI). A DoS attack on AD FS could disrupt access to systems managing ePHI, potentially violating the HIPAA Security Rule (45 CFR Part 164, Subpart C).
  • Other Standards: Compliance frameworks like ISO 27001, NIST SP 800-53, or SOC 2 emphasize the need for system availability and incident response. Exploitation of this vulnerability could lead to non-compliance if it results in prolonged service disruption or inadequate mitigation measures.

Organizations should assess their exposure to this vulnerability and apply patches or mitigations to maintain compliance with applicable regulations.

Mitigation Strategies

Immediate steps to mitigate CVE-2026-50695 include the following:

  • Apply the latest security updates provided by Microsoft for Active Directory Federation Services. Refer to the Microsoft Security Update Guide for the specific patch related to this CVE.
  • Restrict network access to Active Directory Federation Services to trusted sources only, if possible, to reduce the attack surface.
  • Monitor network traffic and system logs for signs of exploitation attempts or unusual activity targeting Active Directory Federation Services.
  • Consider implementing network-level protections, such as intrusion detection/prevention systems (IDS/IPS), to block potential exploitation attempts.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-50695. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart