Microsoft Dynamics_365
4 CVEs affecting Microsoft Dynamics_365. Latest disclosed: 2026-05-12. Critical: 3, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-42898 | Critical | 9.9 | 2026-05-12 | Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network. |
CVE-2026-32210 | Critical | 9.3 | 2026-04-23 | Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network. |
CVE-2026-42833 | Critical | 9.1 | 2026-05-12 | Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network. |
CVE-2026-33103 | Medium | 5.5 | 2026-04-14 | Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally. |