Description
Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.
Published: 2026-03-19
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote code execution
Action: Immediate patch
AI Analysis

Impact

Improper neutralization of special elements used in a command leads to a command injection flaw in Microsoft Bing Images. The flaw permits an unauthorized attacker to execute arbitrary code over a network, resulting in full remote code execution and compromising the confidentiality, integrity, and availability of the affected system. This vulnerability is classified as CWE-77 (Command Injection).

Affected Systems

The vulnerability affects Microsoft Bing Images. No specific version information is provided, so any deployment of the product at present may be susceptible.

Risk and Exploitability

The CVSS score of 9.8 indicates a critical severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be network-based, as the flaw allows code execution over a network. Without an official patch or workaround, the risk remains high for any impacted installation.

Generated by OpenCVE AI on March 19, 2026 at 22:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check whether you are running Microsoft Bing Images
  • Review the Microsoft Security Response Center update guide for CVE-2026-32194 to determine if a patch or update is available
  • Apply the latest official security update for Bing Images as soon as it is released
  • If a patch is unavailable, monitor Microsoft advisories for additional notices and consider isolating the affected service until a fix is deployed


Advisories

No advisories yet.

History

Fri, 20 Mar 2026 21:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 19 Mar 2026 21:30:00 +0000

Type | Values Removed | Values Added
Description | | Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.
Title | | Microsoft Bing Images Remote Code Execution Vulnerability
First Time appeared | | Microsoft, Microsoft bing Images
Weaknesses | | CWE-77
CPEs | | cpe:2.3:a:microsoft:bing_images:*:*:*:*:*:*:*:*
Vendors & Products | | Microsoft, Microsoft bing Images
References | |
Metrics | | cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-09T23:26:03.784Z

Reserved: 2026-03-11T00:26:53.427Z

Link: CVE-2026-32194

Vulnrichment

Updated: 2026-03-20T20:17:16.304Z

NVD

Status: Awaiting Analysis

Published: 2026-03-19T22:16:41.130

Modified: 2026-03-20T13:39:46.493

Link: CVE-2026-32194

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T11:05:58Z

Weaknesses