Elevation of Privilege Vulnerability in Microsoft Dynamics 365 by Microsoft
CVE-2026-40371

8.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Dynamics 365 (on-premises) Version 9.1
Vendor: CVE Published:; 9 June 2026

What is CVE-2026-40371?

A vulnerability exists in Microsoft Dynamics 365 (on-premises) due to improper handling of insufficient permissions, which may allow an authorized attacker to gain elevated privileges over a network. This situation can exploit the system's capabilities beyond intended access levels, highlighting the importance of robust permissions management and timely updates.

Affected Version(s)

Microsoft Dynamics 365 (on-premises) version 9.1 9.0 < 9.1.0045.0011

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2026
Vulnerability Reserved
Apr 11, 2026

CVE-2026-40371 Data

JSON