Vulnerability Details CVE-2026-42898
Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.6%
CVSS Severity
CVSS v3 Score 9.9
Products affected by CVE-2026-42898
-
cpe:2.3:a:microsoft:dynamics_365:9.1.1.914
-
cpe:2.3:a:microsoft:dynamics_365:9.1.10.102
-
cpe:2.3:a:microsoft:dynamics_365:9.1.11.26
-
cpe:2.3:a:microsoft:dynamics_365:9.1.12.17
-
cpe:2.3:a:microsoft:dynamics_365:9.1.13.12
-
cpe:2.3:a:microsoft:dynamics_365:9.1.14.17
-
cpe:2.3:a:microsoft:dynamics_365:9.1.16.20
-
cpe:2.3:a:microsoft:dynamics_365:9.1.17.29
-
cpe:2.3:a:microsoft:dynamics_365:9.1.18.22
-
cpe:2.3:a:microsoft:dynamics_365:9.1.19.10
-
cpe:2.3:a:microsoft:dynamics_365:9.1.2.2
-
cpe:2.3:a:microsoft:dynamics_365:9.1.20.11
-
cpe:2.3:a:microsoft:dynamics_365:9.1.21.05
-
cpe:2.3:a:microsoft:dynamics_365:9.1.22.04
-
cpe:2.3:a:microsoft:dynamics_365:9.1.23.10
-
cpe:2.3:a:microsoft:dynamics_365:9.1.24.11
-
cpe:2.3:a:microsoft:dynamics_365:9.1.25.21
-
cpe:2.3:a:microsoft:dynamics_365:9.1.26
-
cpe:2.3:a:microsoft:dynamics_365:9.1.26.23
-
cpe:2.3:a:microsoft:dynamics_365:9.1.27.05
-
cpe:2.3:a:microsoft:dynamics_365:9.1.28.09
-
cpe:2.3:a:microsoft:dynamics_365:9.1.29.14
-
cpe:2.3:a:microsoft:dynamics_365:9.1.3.11
-
cpe:2.3:a:microsoft:dynamics_365:9.1.30.09
-
cpe:2.3:a:microsoft:dynamics_365:9.1.31.10
-
cpe:2.3:a:microsoft:dynamics_365:9.1.32
-
cpe:2.3:a:microsoft:dynamics_365:9.1.32.05
-
cpe:2.3:a:microsoft:dynamics_365:9.1.33.07
-
cpe:2.3:a:microsoft:dynamics_365:9.1.34.07
-
cpe:2.3:a:microsoft:dynamics_365:9.1.35.06
-
cpe:2.3:a:microsoft:dynamics_365:9.1.36.12
-
cpe:2.3:a:microsoft:dynamics_365:9.1.37.06
-
cpe:2.3:a:microsoft:dynamics_365:9.1.38.10
-
cpe:2.3:a:microsoft:dynamics_365:9.1.39.04
-
cpe:2.3:a:microsoft:dynamics_365:9.1.4.31
-
cpe:2.3:a:microsoft:dynamics_365:9.1.40.08
-
cpe:2.3:a:microsoft:dynamics_365:9.1.41.07
-
cpe:2.3:a:microsoft:dynamics_365:9.1.42.08
-
cpe:2.3:a:microsoft:dynamics_365:9.1.43.05
-
cpe:2.3:a:microsoft:dynamics_365:9.1.44.15
-
cpe:2.3:a:microsoft:dynamics_365:9.1.5.25
-
cpe:2.3:a:microsoft:dynamics_365:9.1.6.3
-
cpe:2.3:a:microsoft:dynamics_365:9.1.7.5
-
cpe:2.3:a:microsoft:dynamics_365:9.1.9.8