CVE-2026-58647: Microsoft PowerBI Report Server Spoofing Vulnerability

Overview

Severity
High (CVSS 8)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Category
Spoofing
Exploit Status
Not Exploited
Exploitation Likelihood
Unlikely
Patch Tuesday
2026-Jul
Released
2026-07-14

Description

Improper neutralization of input during web page generation ('cross-site scripting') in Power BI allows an authorized attacker to perform spoofing over a network.

Affected Products (1)

SQL Server

  • Power BI Report Server

Security Updates (1)

Acknowledgments

Anonymous

Revision History

  • 2026-07-14: Information published.