CVE Catalog

CVE-2026-26149

Critical
Published: Translated: NVD NIST

Summary

Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to perform spoofing over a network.

Risk Assessment

An attacker could exploit this vulnerability to impersonate other devices or users, potentially leading to unauthorized access to data.

Recommendation

It is recommended to update Microsoft Power Apps to the latest version and monitor network traffic for suspicious activities.

Original NVD description (English source)

Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to perform spoofing over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS