Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

CVE-2026-23652: Microsoft Power Pages Command Injection Risk

CVE-2026-23652

Summary

An unauthorized attacker can execute code over a network if they exploit a weakness in Microsoft Power Pages. This could lead to unauthorized access to sensitive information or system takeover. It's recommended to update to the latest version of Microsoft Power Pages to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions
microsoft	power_pages	All versions `cpe:2.3:a:microsoft:power_pages:-:::::::*`

Original title

Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network.

Original description

Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network.

nvd CVSS3.1 10.0

Vulnerability type

CWE-77 Command Injection

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23652

Published: 22 May 2026 · Updated: 28 May 2026 · First seen: 26 May 2026