Improper Access Control in Microsoft Dynamics 365 by Microsoft
CVE-2026-47647

9.9CRITICAL

Key Information:

Vendor: Microsoft
Status: Microsoft Dynamics 365
Vendor: CVE Published:; 18 June 2026

What is CVE-2026-47647?

An improper access control vulnerability in Microsoft Dynamics 365 allows an authenticated attacker to gain elevated privileges over the network, potentially leading to unauthorized actions or data exposure. This flaw can be exploited if proper security measures are not in place, making it essential for organizations using Dynamics 365 to apply available patches and implement robust access control policies.

Affected Version(s)

Microsoft Dynamics 365 -

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2026
Vulnerability Reserved
May 19, 2026

CVE-2026-47647 Data

JSON