Description
Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.
Published: 2026-05-12
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper privilege management flaw in Microsoft Dynamics 365 Customer Insights. It allows an attacker who already has authorized access to the system to elevate their privileges over the network and gain permissions beyond those originally granted. This can undermine data integrity, confidentiality, and availability by enabling further malicious actions such as data exfiltration or unauthorized configuration changes.

Affected Systems

Affected software is Microsoft Dynamics 365 Customer Insights. No specific affected versions are listed in the advisory, so any deployment that has not applied the latest security updates may be vulnerable.

Risk and Exploitability

The CVSS score of 7.7 rates this privilege escalation as high severity. EPSS is not available, so the current likelihood of exploitation is unknown, and the vulnerability is not yet listed in the CISA KEV catalog. Based on the description, the likely attack vector is an authorized attacker exploiting the system over the network: the attacker must first authenticate or otherwise gain authorized access before they can take advantage of the privilege escalation. When the flaw is exploited, it can result in a system-wide compromise within the network.

Generated by OpenCVE AI on May 12, 2026 at 18:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Microsoft security update for Dynamics 365 Customer Insights from the Microsoft Security Response Center.
  • Enforce least privilege by restricting application roles to the minimum permissions required for each user or service account.
  • Monitor for anomalous privilege escalation activity and review role assignments regularly.



Advisories

No advisories yet.

History

Fri, 15 May 2026 18:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Microsoft dynamics 365 Customer Insights
CPEs | | cpe:2.3:a:microsoft:dynamics_365_customer_insights:-:*:*:*:*:*:*:*
Vendors & Products | | Microsoft dynamics 365 Customer Insights

Wed, 13 May 2026 10:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 12 May 2026 17:30:00 +0000

Type | Values Removed | Values Added
Description | | Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.
Title | | Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability
First Time appeared | | Microsoft; Microsoft dynamics 365
Weaknesses | | CWE-269
CPEs | | cpe:2.3:a:microsoft:dynamics_365:*:*:*:*:*:customer_insights:*:*
Vendors & Products | | Microsoft; Microsoft dynamics 365
References | |
Metrics | | cvssV3_1: {'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C'}

MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-09T19:33:45.848Z

Reserved: 2026-03-24T00:52:01.351Z

Link: CVE-2026-33821

Vulnrichment

Updated: 2026-05-13T09:58:11.006Z

NVD

Status: Analyzed

Published: 2026-05-12T18:17:04.410

Modified: 2026-05-15T18:26:18.667

Link: CVE-2026-33821

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T20:30:23Z

Weaknesses