Microsoft Power Apps
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Power Apps.
Recent Microsoft Power Apps Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2026-32172 | CVE-2026-32172 Microsoft Power Apps Remote Code Execution Vulnerability | April 23, 2026 |
| CVE-2026-26149 | CVE-2026-26149 Microsoft Power Apps Security Feature Bypass | April 14, 2026 |
| CVE-2026-20960 | CVE-2026-20960 Microsoft Power Apps Remote Code Execution Vulnerability | January 17, 2026 |
| CVE-2025-47733 | CVE-2025-47733 Microsoft Power Apps Information Disclosure Vulnerability | May 9, 2025 |
| CVE-2023-32052 | Microsoft Power Apps (online) Spoofing Vulnerability | July 11, 2023 |
| CVE-2023-32052 | Microsoft Power Apps (online) Spoofing Vulnerability | July 11, 2023 |
| CVE-2023-32024 | Microsoft Power Apps Spoofing Vulnerability | June 13, 2023 |
By the Year
In 2026 there have been 3 vulnerabilities in Microsoft Power Apps with an average score of 8.3 out of ten. Last year, in 2025 Power Apps had 1 security vulnerability published. That is, 2 more vulnerabilities have already been reported in 2026 as compared to last year. Last year, the average CVE base score was greater by 0.77
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 3 | 8.33 |
| 2025 | 1 | 9.10 |
| 2024 | 0 | 0.00 |
| 2023 | 2 | 4.20 |
It may take a day or so for new Power Apps vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Power Apps Security Vulnerabilities
Apr 2026: Microsoft Power Apps Remote Code Execution Vulnerability
CVE-2026-32172
8 - High
- April 23, 2026
Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.
DLL preloading
Apr 2026: Microsoft Power Apps Desktop Client Spoofing Vulnerability
CVE-2026-26149
9 - Critical
- April 14, 2026
Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to perform spoofing over a network.
Improper Neutralization of Escape, Meta, or Control Sequences
Jan 2026: PowerApps Desktop Client Remote Code Execution Vulnerability
CVE-2026-20960
8 - High
- January 16, 2026
Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network.
AuthZ
May 2025: Microsoft Power Apps Information Disclosure Vulnerability
CVE-2025-47733
9.1 - Critical
- May 08, 2025
Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network
SSRF
Microsoft Power Apps Online Spoofing Vulnerability
CVE-2023-32052
5.4 - Medium
- July 11, 2023
Microsoft Power Apps (online) Spoofing Vulnerability
Microsoft Power Apps Spoofing Vulnerability
CVE-2023-32024
3 - Low
- June 14, 2023
Microsoft Power Apps Spoofing Vulnerability
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Power Apps or by Microsoft? Click the Watch button to subscribe.
