Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

CVE-2026-54733: CWE-347: Improper Verification of Cryptographic Signature in microsoft o365-moodle

0
Critical
VulnerabilityCVE-2026-54733cvecve-2026-54733cwe-347
Published: 07/16/2026 (07/16/2026, 14:52:03 UTC)
Source: CVE Database V5
Vendor/Project: microsoft
Product: o365-moodle

Description

The Microsoft 365 and Microsoft Entra ID Plugins for Moodle provide Office 365 and Azure Active Directory integration for Moodle. Prior to 4.5.6, 5.0.5, and 5.1.1, the Microsoft Office 365 Integration plugin local_o365 Teams SSO endpoint sso_login.php base64-decodes a JWT payload and authenticates users from the upn claim without verifying the JWT signature, allowing an unauthenticated attacker to forge a token and obtain a Moodle session as an O365-authenticated user. This issue is fixed in versions 4.5.6, 5.0.5, and 5.1.1.

CVSS v4.0

Score 9.3critical

Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
None
User Interaction
None
Vuln. Confidentiality
High
Vuln. Integrity
High
Vuln. Availability
High
Subsq. Confidentiality
None
Subsq. Integrity
None
Subsq. Availability
None
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected software

GitHub Actionsmore threats →ai
microsoft/o365-moodle
pkg:github/microsoft/o365-moodle
Affected versions
<4.5.6<5.0.5<5.1.1

Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/16/2026, 15:48:19 UTC

Technical Analysis

The vulnerability in Microsoft 365 and Microsoft Entra ID Plugins for Moodle (o365-moodle) arises from improper verification of cryptographic signatures (CWE-347) in the Teams SSO endpoint sso_login.php. Specifically, the plugin base64-decodes the JWT payload and authenticates users solely based on the upn claim without validating the JWT signature. This flaw enables unauthenticated attackers to forge tokens and impersonate Office 365 authenticated users within Moodle. The vulnerability affects versions prior to 4.5.6, 5.0.5, and 5.1.1 and has a CVSS 4.0 score of 9.3 (critical). The vulnerability is present in the plugin code, not in a cloud service component. Patches are available in the fixed versions.

Potential Impact

An attacker can bypass authentication by forging JWT tokens without a valid cryptographic signature, allowing unauthorized access to Moodle sessions as legitimate Office 365 users. This leads to a complete compromise of user accounts within Moodle integrated with Microsoft 365 and Azure Active Directory via the vulnerable plugin versions. The vulnerability is critical due to its ease of exploitation (no privileges or user interaction required) and high impact on confidentiality, integrity, and availability.

Mitigation Recommendations

A fix is available in Microsoft 365 and Microsoft Entra ID Plugins for Moodle versions 4.5.6, 5.0.5, and 5.1.1. Users should upgrade to one of these versions immediately to remediate the vulnerability. Since this is a plugin vulnerability, patching the affected Moodle plugin installations is necessary. There is no indication that the vendor manages remediation server-side for this plugin, so manual update is required. Patch status is confirmed by the vendor advisory information.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Data Version
5.2
Assigner Short Name
GitHub_M
Date Reserved
2026-06-15T23:07:33.232Z
Cvss Version
4.0
State
PUBLISHED
Remediation Level
null
Is Cloud Service
true

Threat ID: 6a58f9c068715ace434105d5

Added to database: 07/16/2026, 15:33:20 UTC

Last enriched: 07/16/2026, 15:48:19 UTC

Last updated: 07/16/2026, 16:18:14 UTC

Views: 2

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses