Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.
Analysis
Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.
More in Power Automate For Desktop
View allCritical information disclosure vulnerability in Microsoft Power Automate that allows unauthenticated remote attackers t
Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network.
Microsoft Power Automate Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no a
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29653
GHSA-8fxf-7qxm-gqm9