Description
Improper neutralization of special elements used in an OS command ('OS command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.
Published: 2026-03-19
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

An attacker can exploit improper neutralization of special elements in an operating system command, leading to a command injection that permits unauthorized code execution over a network.

Affected Systems

Microsoft Bing Images is the affected product. Version information is not specified, so all deployments that utilize Bing Images are potentially vulnerable.

Risk and Exploitability

The vulnerability carries a CVSS score of 9.8, indicating a very high severity, but its EPSS score is less than 1%, suggesting a low probability of exploitation in the wild. It is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is an unauthenticated user sending specially crafted requests to the Bing Images service over the network, which can trigger execution of arbitrary system commands.

Generated by OpenCVE AI on April 14, 2026 at 18:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Microsoft patch released in the MSRC advisory for Microsoft Bing Images



Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| CPEs | | cpe:2.3:a:microsoft:bing_images:-:*:*:*:*:*:*:* |

Fri, 20 Mar 2026 16:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Thu, 19 Mar 2026 21:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Improper neutralization of special elements used in an OS command ('OS command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network. |
| Title | | Microsoft Bing Images Remote Code Execution Vulnerability |
| First Time appeared | | Microsoft; Microsoft bing Images |
| Weaknesses | | CWE-78 |
| CPEs | | cpe:2.3:a:microsoft:bing_images:*:*:*:*:*:*:*:* |
| Vendors & Products | | Microsoft; Microsoft bing Images |
| References | | |
| Metrics | | cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'} |


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-14T16:36:25.245Z

Reserved: 2026-03-11T00:26:53.427Z

Link: CVE-2026-32191

Vulnrichment

Updated: 2026-03-20T15:17:49.641Z

NVD

Status: Analyzed

Published: 2026-03-19T21:17:10.400

Modified: 2026-04-14T16:35:56.453

Link: CVE-2026-32191

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T16:45:09Z

Weaknesses