CVE-2026-55944: Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability

Overview

Severity
Critical (CVSS 9.8)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Category
Remote Code Execution
Exploit Status
Not Exploited
Exploitation Likelihood
More Likely
Patch Tuesday
2026-Jul
Released
2026-07-14

Description

Deserialization of untrusted data in Microsoft Dynamics NAV allows an unauthorized attacker to execute code over a network.

FAQ

How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by sending a specially crafted login request to an affected Dynamics NAV or Business Central server. Successful exploitation could allow the attacker to execute arbitrary code on the target system. Authentication and user interaction are not required.

Affected Products (1)

Microsoft Dynamics

  • Microsoft Dynamics NAV 2018

Security Updates (1)

Acknowledgments

<a href="https://www.linkedin.com/in/john-nzyuko-412b563b1/">John Nzyuko</a>

Revision History

  • 2026-07-14: Information published.