CVE Catalog
CVE-2026-42898
CriticalSummary
Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
Risk Assessment
An attacker with appropriate permissions can exploit this vulnerability to execute code remotely, potentially leading to serious security breaches within the organization.
Recommendation
It is recommended to update Microsoft Dynamics 365 to the latest version to mitigate this vulnerability and to review and restrict user permissions.
Original NVD description (English source)
Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

