CVE-2026-54733
Received Received - Intake

Microsoft 365 Plugin for Moodle JWT Signature Bypass

Vulnerability report for CVE-2026-54733, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: GitHub, Inc.

Description

The Microsoft 365 and Microsoft Entra ID Plugins for Moodle provide Office 365 and Azure Active Directory integration for Moodle. Prior to 4.5.6, 5.0.5, and 5.1.1, the Microsoft Office 365 Integration plugin local_o365 Teams SSO endpoint sso_login.php base64-decodes a JWT payload and authenticates users from the upn claim without verifying the JWT signature, allowing an unauthenticated attacker to forge a token and obtain a Moodle session as an O365-authenticated user. This issue is fixed in versions 4.5.6, 5.0.5, and 5.1.1.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-16
AI Q&A
2026-07-16
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 6 associated CPEs
Vendor Product Version / Range
microsoft o365_moodle 4.5.6
microsoft o365_moodle 5.0.5
microsoft o365_moodle 5.1.1
microsoft office_365_integration to 5.1.1 (exc)
microsoft o365_moodle to 5.1.1 (exc)
microsoft repository_office365 to 5.1.1 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-347 The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an authentication bypass in the Microsoft Office 365 Integration plugin for Moodle. The Teams SSO endpoint sso_login.php decodes a JWT payload and authenticates users based on the UPN claim without verifying the JWT signature. An attacker can forge a token with any UPN and gain a Moodle session as that user, including administrators.

Detection Guidance

Check the version of the Microsoft Office 365 Integration plugin in Moodle. Run: grep -r "version" /path/to/moodle/local/o365/version.php. If the version is below 4.5.6, 5.0.5, or 5.1.1, the system is vulnerable. Inspect the sso_login.php file for JWT token handling without signature verification.

Impact Analysis

An unauthenticated attacker can impersonate any user, including administrators, by forging a JWT token. This allows full access to the Moodle site, enabling data theft, unauthorized actions, or complete system compromise. The impact is severe due to the lack of signature verification.

Compliance Impact

This vulnerability could lead to unauthorized access to sensitive data, violating GDPR and HIPAA requirements for data protection and access controls. Organizations using affected versions may face compliance violations, legal penalties, and reputational damage due to potential data breaches.

Mitigation Strategies

Upgrade the Microsoft Office 365 Integration plugin to version 4.5.6, 5.0.5, or 5.1.1 or later. If upgrading is not possible, disable the Teams SSO feature in the plugin settings as a temporary workaround.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-54733. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart