- Description
- Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- dynamics_365
CVSS 3.1
- Type
- Secondary
- Base score
- 9.9
- Impact score
- 6
- Exploitability score
- 3.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- secure@microsoft.com
- CWE-94
- Hype score
- Not currently trending
ثغرة حرجة CVSS 9.9 في Microsoft Dynamics 365 تتيح لمهاجم بعيد تنفيذ أوامر دون صلاحيات مسبقة. تأثر على النسخ السحابية وon-premise. التحديث متاح في Patch Tuesday مايو 2026. https://t.co/8wG4ph2pS
@KasperskyDev
17 May 2026
86 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
2026年5月ぱっちちゅーずでーまとめ ◆Microsoft https://t.co/32GkHwPEhg CVE-2026-42898 Microsoft Dynamics 365 オンプレミスのリモートでコードが実行される脆弱性 CVE-2026-42823 Azure Logic Apps の特権昇格の脆弱性 CVE-2026-41096 Windows
@taku888infinity
13 May 2026
898 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365:*:*:*:*:on-premises:*:*:*",
"matchCriteriaId": "F6E52B47-C798-4B63-B1CA-55F3F36872B5",
"versionEndExcluding": "9.1.45.11",
"versionStartIncluding": "9.1.1.914",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]