VYPR
Critical severity9.9NVD Advisory· Published May 12, 2026· Updated May 14, 2026

CVE-2026-42898

CVE-2026-42898

Description

Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

Affected products

1

Patches

Vulnerability mechanics

References

1

News mentions

9