Description
Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a network.
Published: 2026-04-03
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation via Server‐Side Request Forgery
Action: Immediate Patch
AI Analysis

Impact

Server‑Side Request Forgery (SSRF) in Microsoft Bing allows an unauthorized attacker to send requests from the server to internal or external resources, thereby enabling privilege escalation on the system.

Affected Systems

Microsoft Bing is the only vendor and product identified as affected, with no specific version information provided in the CNA data. Administrators should treat all current installations as potentially vulnerable until a patch is applied.

Risk and Exploitability

The CVSS score of 10 indicates a critical severity. EPSS is below 1 %, and the vulnerability is not listed in the CISA KEV catalog, suggesting a comparatively low current exploitation probability. Based on the description, the likely attack vector is through a network‑based SSRF opportunity that could be leveraged to access privileged internal services, although the exact path is not detailed in the advisories.

Generated by OpenCVE AI on April 13, 2026 at 19:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Microsoft update for CVE‑2026‑32186 as soon as it becomes available
  • Verify that the patch has been installed and that the Bing service is restarted if required

Generated by OpenCVE AI on April 13, 2026 at 19:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 18:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:microsoft:bing:-:*:*:*:*:*:*:*

Tue, 07 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Description Microsoft Bing Elevation of Privilege Vulnerability Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a network.
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Mon, 06 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

 cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 03 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 03 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
Description Microsoft Bing Elevation of Privilege Vulnerability
Title Microsoft Bing Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft bing
Weaknesses CWE-918
CPEs cpe:2.3:a:microsoft:bing:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft bing
References

Subscriptions

Microsoft Bing
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-24T12:51:33.774Z

Reserved: 2026-03-11T00:26:53.426Z

Link: CVE-2026-32186

cve-icon Vulnrichment

Updated: 2026-04-03T20:08:25.670Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-03T18:16:24.993

Modified: 2026-04-13T18:32:38.160

Link: CVE-2026-32186

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-14T16:41:50Z

Weaknesses