CVE-2026-42898
CRITICAL
NVD
CVSS Score
9.9
Severity
CRITICAL
Published
May 12, 2026
Vendor
unknown
Description
Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.