CVE Catalog

CVE-2026-40371

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.52%

40th percentile - higher than 40% of all known CVEs

Summary

Improper handling of insufficient permissions in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.

Risk Assessment

An attacker with appropriate permissions may gain access to resources they should not have access to, potentially leading to serious security breaches.

Recommendation

It is recommended to review and update the permissions policy and implement additional access control mechanisms in Microsoft Dynamics 365.

Original NVD description (English source)

Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS