CVE

CVE-2026-42833

0field notes · 1digest CVSS 9.1

Daily digests

An authenticated attacker can exploit excessive privileges in Dynamics 365 on-premises to execute code over the network. CVSS 9.1. This is the second critical Dynamics 365 on-prem code execution bug this cycle. A user who should only have read access could run code on your server.

Patch Tuesday · May 13, 2026
Patch Tuesday May 2026: DNS + Netlogon at 9.8, 19 more

CVE-2026-42833

Patch Tuesday May 2026: DNS + Netlogon at 9.8, 19 more