CVE-2026-33103: Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
Overview
- Severity
- Medium (CVSS 5.5)
- CVSS Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
- Category
- Information Disclosure
- Exploit Status
- Not Exploited
- Exploitation Likelihood
- Unlikely
- Patch Tuesday
- 2026-Apr
- Released
- 2026-04-14
Description
Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally.
FAQ
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.
Affected Products (1)
Microsoft Dynamics
- Microsoft Dynamics 365 (on-premises) version 9.0
Security Updates (1)
Acknowledgments
<a href="https://twitter.com/hoangnx99">Hoangnx and hoangha</a> with <a href="https://lab.viettelcybersecurity.com/">VCSLab of Viettel Cyber Security</a>
Revision History
- 2026-04-14: Information published.