Microsoft Power Apps Security Bypass via Malicious Input

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.0

Microsoft Power Apps Security Bypass via Malicious Input

CVE-2026-26149

Summary

Unauthorized users may gain access to a network by exploiting a weakness in Microsoft Power Apps. This weakness allows an attacker to circumvent security features by submitting malicious input. To protect your network, ensure you update Power Apps to the latest version and use secure input validation practices.

Original title

Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to bypass a security feature over a network.

Original description

Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to bypass a security feature over a network.

nvd CVSS3.1 9.0

Vulnerability type

CWE-150

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26149

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026