Skip to main content

Microsoft Dynamics Nav 2018

1 CVEs product

Monthly

CVE-2026-55944 CRITICAL PATCH NEWS Exploit Likely Act Now

Remote code execution in Microsoft Dynamics NAV 2018 allows an unauthorized, network-based attacker to run arbitrary code by submitting maliciously crafted serialized data that the application deserializes without validation (CWE-502). With a CVSS 9.8 vector requiring no authentication and no user interaction, successful exploitation grants full compromise of the ERP host. Microsoft has released a patch via MSRC; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Deserialization Microsoft Dynamics Nav 2018
NVD
CVSS 3.1
9.8
EPSS
1.3%
EPSS 1% CVSS 9.8
CRITICAL PATCH Exploit Likely Act Now

Remote code execution in Microsoft Dynamics NAV 2018 allows an unauthorized, network-based attacker to run arbitrary code by submitting maliciously crafted serialized data that the application deserializes without validation (CWE-502). With a CVSS 9.8 vector requiring no authentication and no user interaction, successful exploitation grants full compromise of the ERP host. Microsoft has released a patch via MSRC; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Deserialization Microsoft Dynamics Nav 2018
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy