May 2026: Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
CVE-2026-42898 Published on May 12, 2026

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

Vendor Advisory NVD

Weakness Type

What is a Code Injection Vulnerability?

The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVE-2026-42898 has been classified to as a Code Injection vulnerability or weakness.

Products Associated with CVE-2026-42898

Want to know whenever a new CVE is published for Microsoft Dynamics 365? stack.watch will email you.

Microsoft Dynamics 365

Affected Versions

Microsoft Dynamics 365 (on-premises) version 9.1:

Version 9.0 and below 9.1.44.15 is affected.

May 2026: Microsoft Dynamics 365 On-Premises Remote Code Execution VulnerabilityCVE-2026-42898 Published on May 12, 2026

Weakness Type

What is a Code Injection Vulnerability?

Products Associated with CVE-2026-42898

Affected Versions

May 2026: Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
CVE-2026-42898 Published on May 12, 2026