CVE Catalog

CVE-2026-42898

Critical
Published: Translated: NVD NIST

Summary

Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

Risk Assessment

An attacker with appropriate permissions can exploit this vulnerability to execute code remotely, potentially leading to serious security breaches within the organization.

Recommendation

It is recommended to update Microsoft Dynamics 365 to the latest version to mitigate this vulnerability and to review and restrict user permissions.

Original NVD description (English source)

Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS