Description
Microsoft Devices Pricing Program Remote Code Execution Vulnerability
Published: 2026-03-05
Score: 9.8 Critical
EPSS: 2.3% Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A critical flaw in the Microsoft Devices Pricing Program allows remote code execution. An attacker who can target the program can run arbitrary code with the privileges of the system, potentially compromising devices and data. The vulnerability corresponds to CWE-434 (Unrestricted Upload of File with Dangerous Type), indicating that untrusted content is accepted without proper validation.

Affected Systems

All deployments of Microsoft Devices Pricing Program are potentially affected; the advisory does not specify any version restrictions, so every installation should be evaluated.

Risk and Exploitability

The CVSS score of 9.8 indicates an extremely severe risk, yet the EPSS score is 2%, implying limited exploitation activity to date. The vulnerability is not listed in the KEV catalog, and no widespread attacks have been reported. The likely attack vector is remote, exploiting exposed interfaces or services of the program.

Generated by OpenCVE AI on April 17, 2026 at 12:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official patch released by Microsoft for the Devices Pricing Program.
  • After installation, redeploy the updated firmware to all affected devices.
  • Until the patch is in place, restrict or isolate network access to the Devices Pricing Program’s endpoints to reduce exposure.


Advisories

No advisories yet.

History

Mon, 16 Mar 2026 15:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:microsoft:devices_pricing_program:-:*:*:*:*:*:*:*

Mon, 09 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 05 Mar 2026 22:45:00 +0000

Type Values Removed Values Added
Description Microsoft Devices Pricing Program Remote Code Execution Vulnerability
Title Microsoft Devices Pricing Program Remote Code Execution Vulnerability
First Time appeared Microsoft
Microsoft devices Pricing Program
Weaknesses CWE-434
CPEs cpe:2.3:a:microsoft:devices_pricing_program:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft devices Pricing Program
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-14T16:36:20.126Z

Reserved: 2025-12-30T18:10:54.847Z

Link: CVE-2026-21536

Vulnrichment

Updated: 2026-03-09T20:28:35.300Z

NVD

Status: Analyzed

Published: 2026-03-05T23:16:18.447

Modified: 2026-03-16T15:40:44.357

Link: CVE-2026-21536

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T12:45:16Z
