7.8
CVE-2026-40417
- EPSS 0.04%
- Published 12.05.2026 16:58:47
- Last modified 13.05.2026 15:34:52
- Source secure@microsoft.com
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
| Vendor | Product | Version | Version < | Status |
|---|---|---|---|---|
| Microsoft | Microsoft Dynamics 365 Business Central 2024 Release Wave 2 | 25.0 | 25.18 | affected |
| Microsoft | Microsoft Dynamics 365 Business Central 2026 Release Wave 1 | 28.0 | 28.1 | affected |
| Microsoft | Microsoft Dynamics 365 Business Central Release Wave 1 2025 | 26.0 | 26.12 | affected |
| Microsoft | Microsoft Dynamics 365 Business Central Release Wave 2 2025 | 27.0 | 27.6 | affected |

VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.123 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secure@microsoft.com | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |

CWE-1390 Weak Authentication
The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.