CVE-2026-40417 PUBLISHED

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability

Assigner: microsoft
Reserved: 13.04.2026 Published: 12.05.2026 Updated: 13.05.2026

Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CVSS Score: 7.8

Product Status

Vendor Microsoft
Product Microsoft Dynamics 365 Business Central 2024 Release Wave 2
Versions
  • affected from 25.0 to 25.18 (excl.)
Vendor Microsoft
Product Microsoft Dynamics 365 Business Central 2026 Release Wave 1
Versions
  • affected from 28.0 to 28.1 (excl.)
Vendor Microsoft
Product Microsoft Dynamics 365 Business Central Release Wave 1 2025
Versions
  • affected from 26.0 to 26.12 (excl.)
Vendor Microsoft
Product Microsoft Dynamics 365 Business Central Release Wave 2 2025
Versions
  • affected from 27.0 to 27.6 (excl.)

References

Problem Types