Remote Code Execution Vulnerability in Microsoft Power Apps
CVE-2026-32172

8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Power Apps
Vendor: CVE Published:; 23 April 2026

What is CVE-2026-32172?

A remote code execution vulnerability exists in Microsoft Power Apps due to an uncontrolled search path element. This flaw could enable unauthorized attackers to execute arbitrary code over a network, posing significant risks to the integrity and confidentiality of systems leveraging this platform. Users are advised to implement recommended security measures and apply patches provided by Microsoft to mitigate this threat. For detailed guidance, refer to the vendor's advisory.

Affected Version(s)

Microsoft Power Apps -

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 23, 2026
Vulnerability Reserved
Mar 10, 2026

CVE-2026-32172 Data

JSON