Skip to main content
Vol. I · No. 1

The Identity at the Core

The Definitive Chronicle of Identity & Access Management

Breach: BREACH: Major healthcare provider confirms 2.3M patient records exposed via misconfigured SCIM endpointVulnerability: CVE-2026-31847: Critical RCE in FortiAuthenticator — CVSS 9.8 — Patch immediatelyBreach: BREACH: European fintech platform leaks OAuth tokens affecting 890K usersAdvisory: ADVISORY: CISA warns of active exploitation of SAML implementation flaws in enterprise SSO productsBreach: BREACH: Major healthcare provider confirms 2.3M patient records exposed via misconfigured SCIM endpointVulnerability: CVE-2026-31847: Critical RCE in FortiAuthenticator — CVSS 9.8 — Patch immediatelyBreach: BREACH: European fintech platform leaks OAuth tokens affecting 890K usersAdvisory: ADVISORY: CISA warns of active exploitation of SAML implementation flaws in enterprise SSO products

BREACH: Major healthcare provider confirms 2.3M patient records exposed via misconfigured SCIM endpoint

CVE-2026-31847: Critical RCE in FortiAuthenticator — CVSS 9.8 — Patch immediately

BREACH: European fintech platform leaks OAuth tokens affecting 890K users

Intelligence

Vulnerability Feed

Vulnerabilities affecting IAM products — directory services, federation, MFA, SSO, and PAM platforms

Recent Identity-Related CVEs

Vulnerability Tracker
● LIVE
9.8
CVE-2026-31847FortiAuthenticator RCE

Unauthenticated remote code execution via crafted RADIUS authentication packet.

1h ago8.7
CVE-2026-28391Okta OIDC Token Bypass

Token validation flaw allows authentication bypass in specific OIDC flow configurations.

3h ago7.5
CVE-2026-29104PingFederate XXE

XML External Entity injection in SAML metadata parser allows SSRF.

5h ago7.2
CVE-2026-30582Azure AD B2C Policy Injection

Custom policy XML injection allows privilege escalation in B2C tenants.

7h ago5.4
CVE-2026-31205Keycloak Session Fixation

Session token not rotated after authentication in specific broker flows.

9h ago