CVE-2026-33819

Daily digests

An unauthenticated attacker can get remote code execution on Microsoft Bing infrastructure by sending crafted serialized data over the network. Deserialization bugs like this are a favorite for attackers because they often give full control of the target system. CVSS 10.0, no known exploitation yet.

• Daily Digest · Apr 24, 2026

  Entra ID SSRF scores perfect 10, Bing RCE too