VYPR
Critical severity9.1NVD Advisory· Published May 12, 2026· Updated Jun 1, 2026

CVE-2026-42833

CVE-2026-42833

Description

Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

Affected products

2
  • cpe:2.3:a:microsoft:dynamics_365:*:*:*:*:on-premises:*:*:*+ 1 more
    • cpe:2.3:a:microsoft:dynamics_365:*:*:*:*:on-premises:*:*:*range: >=9.1,<9.1.45.11
    • (no CPE)

Patches

Vulnerability mechanics

References

1

News mentions

3