Microsoft Dynamics 365 (On-Premises) Privilege Escalation Vulnerability

Vulnerability

A vulnerability in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network. The issue arises from improper handling of permissions, which lets an attacker assign themselves the System Administrator role and gain full administrative control.

Impact

Exploitation of this vulnerability could lead to unauthorized administrative privileges, allowing attackers to gain full control over the affected Dynamics 365 organization.

Reproduction

To reproduce this vulnerability, an authorized user must send a specially crafted request to the scenario-switching page, which fails to properly validate permissions. This request can be used to incorrectly assign the System Administrator role to the user, thereby granting full administrative rights.

Remediation

Users can download the security update for Microsoft Dynamics 365 (on-premises) version 9.1 through the Microsoft Dynamics 365 Railyard Release Management platform.
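To check whether the role assignment described under Reproduction has already happened in an organization, role-change audit records can be replayed to find System Administrator grants made by accounts that did not hold that role at the time. The following is an added example, not code from Microsoft or from this advisory; the CSV layout, column names and user names are constructed for illustration and are not a Dynamics 365 export format.

```python
import csv
import io

ADMIN_ROLE = "System Administrator"

# Constructed sample audit export (assumed layout, chronological order).
SAMPLE_AUDIT = """\
timestamp,actor,action,target,role
2026-06-01T09:00:00Z,alice,assign,bob,Salesperson
2026-06-01T09:05:00Z,alice,assign,carol,System Administrator
2026-06-02T14:30:00Z,bob,assign,bob,System Administrator
2026-06-02T14:31:00Z,bob,assign,dave,System Administrator
2026-06-03T08:00:00Z,carol,remove,bob,System Administrator
2026-06-03T08:10:00Z,erin,assign,frank,System Administrator
"""


def find_suspicious_admin_grants(audit_csv, known_admins):
    """Replay role changes; flag admin grants not made by a legitimate admin.

    known_admins: accounts holding the role before the first audit row.
    Returns (findings, accounts still holding a flagged admin grant).
    """
    legit, tainted, findings = set(known_admins), set(), []
    for row in csv.DictReader(io.StringIO(audit_csv)):
        if row["role"] != ADMIN_ROLE:
            continue
        actor, target = row["actor"], row["target"]
        if row["action"] == "remove":
            legit.discard(target)
            tainted.discard(target)
        elif row["action"] == "assign":
            if actor in legit:            # normal delegation by an admin
                tainted.discard(target)
                legit.add(target)
                continue
            if actor == target:
                reason = "self-assigned"
            elif actor in tainted:        # follow-on grant after an escalation
                reason = "granted by flagged account"
            else:
                reason = "granted by non-admin"
            if target not in legit:
                tainted.add(target)
            findings.append((row["timestamp"], actor, target, reason))
    return findings, sorted(tainted)


if __name__ == "__main__":
    for finding in find_suspicious_admin_grants(SAMPLE_AUDIT, {"alice"})[0]:
        print(finding)
```

Accounts returned in the second element still hold a flagged grant and should be reviewed even after the security update is installed, since patching does not remove roles that were already assigned.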

Added: Jun 9, 2026, 8:21 PM
Updated: Jun 9, 2026, 8:21 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 3.6
remediation: 7.7
relevance: 9.3
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.