Microsoft Power Automate For Desktop
5 CVEs affecting Microsoft Power Automate For Desktop. Latest disclosed: 2026-05-12. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-47966 | Critical | 9.8 | 2025-06-05 | Exposure of sensitive information to an unauthorized actor in Power Automate allows an unauthorized attacker to elevate privileges over a network. |
CVE-2024-43479 | High | 8.5 | 2024-09-10 | Microsoft Power Automate Desktop Remote Code Execution Vulnerability |
CVE-2025-21187 | High | 7.8 | 2025-01-14 | Microsoft Power Automate Remote Code Execution Vulnerability |
CVE-2026-40374 | Medium | 6.5 | 2026-05-12 | Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network. |
CVE-2025-29817 | Medium | 5.7 | 2025-04-15 | Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network. |