CVE-2026-42177— linux-entra-sso: PRT SSO cookie can leak to attacker-controlled hosts when broad host permissions are granted
Possible ATT&CK Techniques 1AI
T1556.004 · Network Device AuthenticationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| siemens | linux-entra-sso | < 1.8.1 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-42177
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
linux-entra-sso: PRT SSO cookie can leak to attacker-controlled hosts when broad host permissions are granted
Source: NVD (National Vulnerability Database)
Vulnerability Description
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO_URL + "/*", i.e. "https://login.microsoftonline.com/*". Chrome's urlFilter without a | or || anchor is substring-matched against the full request URL. The same applied rule action is modifyHeaders that attaches the Entra ID Primary Refresh Token cookie. The Firefox adapter in platform/firefox/js/platform-firefox.js:53 performs a belt-and-braces startsWith(Platform.SSO_URL) check before injecting the header; the Chrome adapter does not. When the extension holds broad host permissions through the optional_host_permissions: ["https://*/*"] declared in platform/chrome/manifest.json:34, a main-frame navigation to a URL whose path embeds https://login.microsoftonline.com/ causes Chrome to attach the PRT cookie to the request to the attacker-controlled host. This vulnerability is fixed in 1.8.1.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
访问控制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Entra ID SSO via Microsoft Identity Broker on Linux 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Entra ID SSO via Microsoft Identity Broker on Linux是Siemens开源的一款Linux设备上通过微软身份代理实现单点登录的浏览器扩展。 Entra ID SSO via Microsoft Identity Broker on Linux 1.8.1之前版本存在访问控制错误漏洞,该漏洞源于Chrome适配器未正确检查URL前缀,可能导致主框架导航时附加PRT Cookie到攻击者控制的主机。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| siemens | linux-entra-sso | < 1.8.1 | - |
II. Public POCs for CVE-2026-42177
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-42177
请登录查看更多情报信息。
Same Patch Batch · siemens · 2026-05-12 · 20 CVEs total
| CVE-2026-41551 | 9.1 CRITICAL | Siemens ROS# 安全漏洞 |
| CVE-2025-40949 | 9.1 CRITICAL | Siemens多款产品 操作系统命令注入漏洞 |
| CVE-2026-22924 | 9.1 CRITICAL | Siemens SIMATIC CN 4100 访问控制错误漏洞 |
| CVE-2026-25786 | 9.1 CRITICAL | Siemens多款产品 跨站脚本漏洞 |
| CVE-2026-25787 | 9.1 CRITICAL | Siemens SIMATIC 跨站脚本漏洞 |
| CVE-2025-40946 | 8.3 HIGH | Siemens多款产品 安全漏洞 |
| CVE-2026-44412 | 7.8 HIGH | Siemens Solid Edge 安全漏洞 |
| CVE-2026-44411 | 7.8 HIGH | Siemens Solid Edge 缓冲区错误漏洞 |
| CVE-2026-27662 | 7.7 HIGH | Siemens SIMATIC HMI Comfort Panels 安全漏洞 |
| CVE-2025-40833 | 7.5 HIGH | Siemens多款产品 代码问题漏洞 |
| CVE-2026-33893 | 7.5 HIGH | Siemens多款产品 信任管理问题漏洞 |
| CVE-2026-22925 | 7.5 HIGH | Siemens SIMATIC CN 4100 安全漏洞 |
| CVE-2025-40947 | 7.5 HIGH | Siemens RUGGEDCOM 操作系统命令注入漏洞 |
| CVE-2026-33862 | 7.3 HIGH | Siemens Teamcenter 跨站脚本漏洞 |
| CVE-2026-25789 | 7.1 HIGH | Siemens多款产品 跨站脚本漏洞 |
| CVE-2025-40948 | 6.8 MEDIUM | Siemens多款产品 参数注入漏洞 |
| CVE-2026-41125 | 6.0 MEDIUM | Siemens多款产品 SQL注入漏洞 |
| CVE-2024-54017 | 5.3 MEDIUM | Siemens SIPROTEC 5 安全漏洞 |
| CVE-2025-12659 | Heap-based buffer overflow in Siemens Simcenter Femap |
IV. Related Vulnerabilities
Same weakness: CWE-284
- CVE-2026-45301
Open WebUI: Missing permission check in files API allows aut - CVE-2026-44556
Open WebUI: responses passthrough endpoint lacks access cont - CVE-2026-44774
Traefik: Gateway API TraefikService backend accepts rest@int - CVE-2025-0040
NXP JTAG-AXI访问控制漏洞 - CVE-2026-44478
hoppscotch: Unauthenticated Onboarding Config Disclosure via
V. Comments for CVE-2026-42177
No comments yet