May 2026: Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
CVE-2026-40417 Published on May 12, 2026

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.

Vendor Advisory NVD

Weakness Type

CWE-1390

Products Associated with CVE-2026-40417

Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.

Microsoft Dynamics 365 Business Central 2026

Microsoft Dynamics 365 Business Central 2025

Microsoft Dynamics 365 Business Central 2024

Affected Versions

Microsoft Dynamics 365 Business Central 2024 Release Wave 2:

Version 25.0 and below 25.18 is affected.

Microsoft Dynamics 365 Business Central 2026 Release Wave 1:

Version 28.0 and below 28.1 is affected.

Microsoft Dynamics 365 Business Central Release Wave 1 2025:

Version 26.0 and below 26.12 is affected.

Microsoft Dynamics 365 Business Central Release Wave 2 2025:

Version 27.0 and below 27.6 is affected.

May 2026: Microsoft Dynamics 365 Business Central Elevation of Privilege VulnerabilityCVE-2026-40417 Published on May 12, 2026

Weakness Type

Products Associated with CVE-2026-40417

Affected Versions

May 2026: Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
CVE-2026-40417 Published on May 12, 2026