Command Injection Vulnerability in Microsoft Power Pages
CVE-2026-23652

10CRITICAL

Key Information:

Vendor: Microsoft
Status: Microsoft Power Pages
Vendor: CVE Published:; 22 May 2026

What is CVE-2026-23652?

A command injection vulnerability exists in Microsoft Power Pages that allows unauthorized attackers to execute arbitrary code across a network. This flaw arises from improper neutralization of special elements used in command functionality, which can be exploited by an attacker to gain control over the affected system. Organizations using Microsoft Power Pages should evaluate their deployment and apply recommended security measures to mitigate risks associated with this vulnerability.

Affected Version(s)

Microsoft Power Pages -

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 22, 2026
Vulnerability Reserved
Jan 14, 2026

CVE-2026-23652 Data

JSON