Jun 2026: Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability
CVE-2026-40371 Published on June 9, 2026

Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability
Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.

Vendor Advisory NVD

Weakness Type

Improper Handling of Insufficient Permissions or Privileges

The application does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the application in an invalid state.

Products Associated with CVE-2026-40371

Want to know whenever a new CVE is published for Microsoft Dynamics 365? stack.watch will email you.

Microsoft Dynamics 365

Affected Versions

Microsoft Dynamics 365 (on-premises) version 9.1:

Version 9.0 and below 9.1 Train 26062 (06.2) is affected.

Jun 2026: Microsoft Dynamics 365 (on-premises) Elevation of Privilege VulnerabilityCVE-2026-40371 Published on June 9, 2026

Weakness Type

Improper Handling of Insufficient Permissions or Privileges

Products Associated with CVE-2026-40371

Affected Versions

Jun 2026: Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability
CVE-2026-40371 Published on June 9, 2026