Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in Microsoft Dynamics 365 (on-premises) version 9.1. This vulnerability allows an authorized attacker with System Administrator privileges to execute code over the network. The issue arises from the application executing code with unnecessary privileges, which could be exploited by manipulating data related to background operations. When this data is processed, it may be deserialized without proper validation, enabling the execution of unauthorized commands on the CRM server.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution on the server where Microsoft Dynamics 365 is hosted.

Remediation

Users can download the security update for Microsoft Dynamics 365 (on-premises) version 9.1 from the Microsoft Support website. Knowledge Base Article 5078943 provides additional information about this update.

Added: May 12, 2026, 7:04 PM
Updated: May 12, 2026, 7:04 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 2.3
remediation: 7.7
relevance: 7.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.