{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/state-leak/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*"],"_cs_cves":[{"cvss":5.3,"id":"CVE-2026-7168"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["authentication","state-leak","proxy","cve"],"_cs_type":"advisory","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eOn May 19, 2026, Microsoft published information regarding CVE-2026-7168. This vulnerability involves a cross-proxy Digest authentication state leak. The details of the affected products or operating systems are not provided in the initial advisory. Further investigation and updates are expected as Microsoft releases more information. This vulnerability matters to defenders because it could potentially lead to unauthorized access or information disclosure if an attacker successfully exploits the authentication state leak.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003cp\u003eDue to the limited information available, a detailed attack chain cannot be fully constructed. However, a possible attack chain based on the nature of a Digest authentication state leak could be:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a request that triggers the Digest authentication mechanism across multiple proxies.\u003c/li\u003e\n\u003cli\u003eThe initial proxy improperly handles the authentication state.\u003c/li\u003e\n\u003cli\u003eThe authentication state leaks to a subsequent proxy.\u003c/li\u003e\n\u003cli\u003eThe attacker intercepts or manipulates the leaked authentication state.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the compromised authentication state to impersonate a legitimate user.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to resources or data protected by the Digest authentication.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe impact of a successful exploit of CVE-2026-7168 could include unauthorized access to sensitive resources, data breaches, and potential privilege escalation. The number of potential victims and specific sectors targeted are currently unknown, pending further information from Microsoft. Successful exploitation allows an attacker to bypass authentication controls, leading to significant compromise of affected systems.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor for unusual network activity and Digest authentication patterns, specifically involving multiple proxies. Deploy the Sigma rule \u003ccode\u003eDetect Suspicious Digest Authentication Across Proxies\u003c/code\u003e to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eReview Microsoft\u0026rsquo;s updates and guidance related to CVE-2026-7168 as they become available and apply necessary patches promptly.\u003c/li\u003e\n\u003cli\u003eAnalyze network traffic for unexpected or malformed Digest authentication headers. The Sigma rule \u003ccode\u003eDetect Malformed Digest Authentication Header\u003c/code\u003e can assist in identifying suspicious traffic.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-19T07:14:02Z","date_published":"2026-05-19T07:14:02Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-7168/","summary":"Microsoft published information regarding CVE-2026-7168, a cross-proxy Digest authentication state leak.","title":"CVE-2026-7168 Cross-Proxy Digest Authentication State Leak","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-7168/"}],"language":"en","title":"CraftedSignal Threat Feed — State-Leak","version":"https://jsonfeed.org/version/1.1"}