ConsentFix v3 is an automated OAuth phishing campaign that structurally bypasses MFA in Microsoft Azure and Entra ID by abusing pre-consented, FOCI-eligible first-party Microsoft applications including Azure CLI. No CVE is assigned because the abused trust relationships exist by design, and no patch resolves the issue — mitigation requires architectural changes to Entra ID OAuth consent policy and token management. Any Azure tenant with permissive user consent settings is exposed.