CVE-2026-41094 PUBLISHED

Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.

• Microsoft Data Formulator Remote Code Execution Vulnerability