Cyber Resilience

CVE-2026-34327

High

Published: 07 May 2026

Published
07 May 2026
Modified
08 May 2026
KEV Added
Patch
CVSS Score v3.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS Score 0.0064 46.1th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-34327 is a high-severity Externally Controlled Reference to a Resource in Another Sphere (CWE-610) vulnerability in Microsoft Partner Center. Its CVSS base score is 8.2 (High).

Operationally, ranked at the 46.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-24303Same product: Microsoft Partner Center
CVE-2025-29814Same product: Microsoft Partner Center
CVE-2026-41107Same vendor: Microsoft
CVE-2026-20846Same vendor: Microsoft
CVE-2025-25003Same vendor: Microsoft
CVE-2025-24991Same vendor: Microsoft
CVE-2026-20853Same vendor: Microsoft
CVE-2026-40379Same vendor: Microsoft
CVE-2026-20877Same vendor: Microsoft
CVE-2026-23659Same vendor: Microsoft

Affected Assets

microsoft
partner center
all versions

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-610

Limits impact of an externally controlled reference to a primary information resource by switching to an identified alternative.

References