HIGHCVE-2026-41094Published 2026-05-12Modified 2026-05-26CNA microsoft

CVE-2026-41094: Microsoft Data Formulator Remote Code Execution Vulnerability

Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.

CVSS v3.1: 8.8
Severity: HIGH
Fixed in: 0.7
Affected Products: 1

Fix available

0.7

Patch commits

Microsoft Data Formulator Remote Code Execution Vulnerability

Affected packages

Microsoft / Microsoft Data Formulator
< 0.7 (from 1)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

References

Microsoft Data Formulator Remote Code Execution Vulnerability

Metrics

Fix available