Power Automate
by Microsoft
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40374 | Med | 0.42 | 6.5 | 0.01 | May 12, 2026 | Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network. | ||
| CVE-2025-47966 | 0.00 | — | 0.01 | Jun 5, 2025 | Exposure of sensitive information to an unauthorized actor in Power Automate allows an unauthorized attacker to elevate privileges over a network. | |||
| CVE-2025-29817 | 0.00 | — | 0.01 | Apr 15, 2025 | Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network. | |||
| CVE-2025-21187 | 0.00 | — | 0.01 | Jan 14, 2025 | Microsoft Power Automate Remote Code Execution Vulnerability | |||
| CVE-2024-43479 | 0.00 | — | 0.01 | Sep 10, 2024 | Microsoft Power Automate Desktop Remote Code Execution Vulnerability |
- risk 0.42cvss 6.5epss 0.01
Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.
- CVE-2025-47966Jun 5, 2025risk 0.00cvss —epss 0.01
Exposure of sensitive information to an unauthorized actor in Power Automate allows an unauthorized attacker to elevate privileges over a network.
- CVE-2025-29817Apr 15, 2025risk 0.00cvss —epss 0.01
Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network.
- CVE-2025-21187Jan 14, 2025risk 0.00cvss —epss 0.01
Microsoft Power Automate Remote Code Execution Vulnerability
- CVE-2024-43479Sep 10, 2024risk 0.00cvss —epss 0.01
Microsoft Power Automate Desktop Remote Code Execution Vulnerability