
CVE-2026-42898: Microsoft Dynamics 365 On-Premises Code Execution Risk

CVE-2026-42898
Summary

A code injection flaw in Microsoft Dynamics 365 (on-premises) lets an authorized user execute unauthorized code over a network, potentially gaining more access than they should have. This could lead to sensitive data being accessed or modified. To mitigate this risk, Microsoft recommends applying the latest security updates and following their recommended security best practices.

Original title
Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
Original description
Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
NVD CVSS 3.1 score: 9.9
Vulnerability type
CWE-94 Code Injection
Published: 12 May 2026 · Updated: 28 May 2026 · First seen: 13 May 2026