Microsoft Dynamics 365 Vulnerability Leading to Possible Code Execution
CVE-2026-42898

9.9CRITICAL

Key Information:

Vendor: Microsoft
Status: Microsoft Dynamics 365 (on-premises) Version 9.1
Vendor: CVE Published:; 12 May 2026

Badges

👾 Exploit Exists📰 News Worthy

What is CVE-2026-42898?

A vulnerability in Microsoft Dynamics 365 (On-Premises) allows an authorized attacker to exploit improper control over code generation, leading to possible execution of arbitrary code across the network. This flaw highlights the importance of stringent security measures to prevent unauthorized code execution and ensures that proper patching and updates are applied to protect sensitive data and system integrity.

Affected Version(s)

Microsoft Dynamics 365 (on-premises) version 9.1 9.0 < 9.1.45.11

News Articles

Dark Reading

CVE-2026-42898 CVE-2026-42823

It's Patch Tuesday for Microsoft and Not a Zero-Day In Sight

It's the first time in two years with no zero-days. But with 137 flaws to patch, including nine critical ones, admins still have plenty of work to do.

4 weeks ago

Cyberscoop

CVE-2026-42898

Microsoft addresses 137 vulnerabilities in May’s Patch Tuesday, including 13 rated critical

The high volume of vulnerabilities reflects a growing trend researchers have been anticipating as artificial intelligence models are deployed to find previously uncovered defects in code.

4 weeks ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
May 12, 2026
📰
First article discovered by Cyberscoop
May 12, 2026
Vulnerability published
May 12, 2026
Vulnerability Reserved
Apr 30, 2026

CVE-2026-42898 Data

JSON