CVE-2026-40374 Microsoft Power Automate Desktop Information Disclosure Vulnerability

...

CVE-2026-40374

CVE-2026-40374 concerns Exposure of sensitive information to an unauthorized actor in Power Automate Desktop. The connected documents indicate an information disclosure vulnerability affecting Power Automate Desktop, with a CVSS v3.1 base score of 6.5 (NETWORK, LOW attack complexity, PRIVILEGES R...

CVE-2026-40374 Microsoft Power Automate Desktop Information Disclosure Vulnerability

...

Microsoft Power Automate Desktop Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network...

KLA91036 Multiple vulnerabilities in Microsoft Dynamics

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, obtain sensitive information, gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerabilit...

The vulnerability of the Power Automate for Desktop automation platform on Windows operating systems stems from an uncontrolled search path element, which allows a malicious individual to disclose protected information.

The vulnerability of the Power Automate for Desktop automation platform for Windows operating systems is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information that is protected by the system...

The vulnerability of the Power Automate for Desktop automation platform on Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the Power Automate for Desktop automation platform for Windows operating systems is related to access control deficiencies. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVE-2024-43479

Microsoft Power Automate Desktop Remote Code Execution Vulnerability...

CVE-2024-43479

Microsoft Power Automate Desktop Remote Code Execution Vulnerability...

CVE-2024-43479

CVE-2024-43479 affects Microsoft Power Automate Desktop. The vulnerability enables remote code execution in the desktop app when an attacker registers the target machine to their malicious Entra tenant and uses a crafted Entra token to impersonate the user, leading to code execution in the user s...