HIGHCVE-2026-40417Published Modified CNA microsoft
CVE-2026-40417: Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.
Metrics
- CVSS v3.1
- 7.8
- Severity
- HIGH
- Fixed in
- 25.18
- Affected Products
- 4
Fix available
25.1826.1227.628.1
Affected packages
- Microsoft / Microsoft Dynamics 365 Business Central 2024 Release Wave 2< 25.18 (from 25.0)
- Microsoft / Microsoft Dynamics 365 Business Central 2026 Release Wave 1< 28.1 (from 28.0)
- Microsoft / Microsoft Dynamics 365 Business Central Release Wave 1 2025< 26.12 (from 26.0)
- Microsoft / Microsoft Dynamics 365 Business Central Release Wave 2 2025< 27.6 (from 27.0)
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C