CVSS 9.3 · CRITICAL
CVE-2026-32210
Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.
Ver en NVDAnálisis
Microsoft Dynamics 365 (Online) contains a critical Server-Side Request Forgery (SSRF) vulnerability. This flaw allows unauthorized attackers to perform network spoofing, which could lead to unauthorized access to internal services or sensitive data within the cloud environment. Organizations using Dynamics 365 should verify their instances are updated to the latest secure version.
Severidad
Puntaje: 9.3(CRITICAL)
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:NAV: NETWORK
AC: LOW
PR: NONE
UI: REQUIRED
S: CHANGED
C: HIGH
I: HIGH
A: NONE
Tipo de falla (CWE):
CWE-918EPSS
Probabilidad de explotación (próx. 30 días): 0.0005 (0.1%)
Percentil: 16.2%
EPSS: 2026-05-06
Afecta
microsoft:dynamics_365Descripción técnica
Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.
Publicada: 23/4/2026, 22:16:35
Última modificación: 5/5/2026, 14:10:29