CVE-2026-40417
published 2026-05-12CVE-2026-40417: Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | dynamics_365_business_central | — | — |
| microsoft | dynamics_365_business_central | — | — |
| microsoft | dynamics_365_business_central | — | — |
| microsoft | microsoft_dynamics_365_business_central_2024_release_wave_2 | >= 25.0 < 25.18 | 25.18 |
| microsoft | microsoft_dynamics_365_business_central_2026_release_wave_1 | >= 28.0 < 28.1 | 28.1 |
| microsoft | microsoft_dynamics_365_business_central_release_wave_1_2025 | >= 26.0 < 26.12 | 26.12 |
| microsoft | microsoft_dynamics_365_business_central_release_wave_2_2025 | >= 27.0 < 27.6 | 27.6 |