CVE Catalog
CVE-2026-40371
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk0.52%
40th percentile - higher than 40% of all known CVEs
Summary
Improper handling of insufficient permissions in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.
Risk Assessment
An attacker with appropriate permissions may gain access to resources they should not have access to, potentially leading to serious security breaches.
Recommendation
It is recommended to review and update the permissions policy and implement additional access control mechanisms in Microsoft Dynamics 365.
Original NVD description (English source)
Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.

