Remote Code Execution Vulnerability in Microsoft Dynamics 365 by Microsoft
CVE-2026-42833

9.1CRITICAL

Key Information:

Vendor: Microsoft
Status: Microsoft Dynamics 365 (on-premises) Version 9.1
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-42833?

A security flaw exists in Microsoft Dynamics 365 (on-premises) that allows an authorized attacker to execute code over a network, potentially leading to significant data breaches or system compromises. It is essential for users to apply updates and patches to mitigate the risks associated with this vulnerability. More information can be found in the vendor advisory.

Affected Version(s)

Microsoft Dynamics 365 (on-premises) version 9.1 9.0 < 9.1.44.15

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Apr 30, 2026

CVE-2026-42833 Data

JSON