Microsoft Power Apps

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-26149 CRITICAL PATCH Act Now

Authenticated attackers can bypass security controls in Microsoft Power Apps versions prior to 3.26032.10.0 by injecting escape or control sequences, enabling cross-scope privilege escalation with high impact to confidentiality, integrity, and availability. The CVSS 9.0 (Critical) score reflects network-based attack vector with low complexity requiring user interaction. Vendor patch released (version 3.26032.10.0). No public exploit identified at time of analysis, with EPSS data not provided.

Authentication Bypass Microsoft Microsoft Power Apps
NVD VulDB
CVSS 3.1
9.0
EPSS
0.1%
CVE-2026-26149
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

Authenticated attackers can bypass security controls in Microsoft Power Apps versions prior to 3.26032.10.0 by injecting escape or control sequences, enabling cross-scope privilege escalation with high impact to confidentiality, integrity, and availability. The CVSS 9.0 (Critical) score reflects network-based attack vector with low complexity requiring user interaction. Vendor patch released (version 3.26032.10.0). No public exploit identified at time of analysis, with EPSS data not provided.

Authentication Bypass Microsoft Microsoft Power Apps
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy