Cyber Resilience

CVE-2026-32210

Critical

Published: 23 April 2026

Published
23 April 2026
Modified
05 May 2026
KEV Added
Patch
CVSS Score v3.1 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
EPSS Score 0.0058 43.6th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-32210 is a critical-severity SSRF (CWE-918) vulnerability in Microsoft Dynamics 365. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 43.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2026-32210 is a server-side request forgery (SSRF) vulnerability, mapped to CWE-918, affecting Microsoft Dynamics 365 (Online). Published on 2026-04-23T22:16:35.260, it carries a CVSS v3.1 base score of 9.3 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N), indicating critical severity due to network accessibility, low complexity, no privileges required, and high impacts on confidentiality and integrity with a changed scope.

An unauthorized attacker can exploit this vulnerability over the network by tricking a user into some interaction that triggers the SSRF, enabling spoofing attacks. Successful exploitation allows the attacker to achieve high confidentiality and integrity impacts across the changed scope, without affecting availability.

Mitigation details are available in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32210.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

SSRF vulnerability in publicly accessible Microsoft Dynamics 365 (Online) directly enables initial access by exploiting a weakness in an Internet-facing application over the network (AV:N), matching T1190. User interaction requirement aligns with common SSRF delivery but does not change the core mapping.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-62211Same product: Microsoft Dynamics 365
CVE-2025-62210Same product: Microsoft Dynamics 365
CVE-2026-42833Same product: Microsoft Dynamics 365
CVE-2026-42898Same product: Microsoft Dynamics 365
CVE-2026-35431Same vendor: Microsoft
CVE-2026-26139Same vendor: Microsoft
CVE-2026-26120Same vendor: Microsoft
CVE-2025-21385Same vendor: Microsoft
CVE-2025-21177Same vendor: Microsoft
CVE-2025-59503Same vendor: Microsoft

Affected Assets

microsoft
dynamics 365
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly validates and sanitizes user inputs that trigger server-side requests, preventing SSRF exploitation in Microsoft Dynamics 365.

prevent

Enforces flow control policies to block unauthorized server requests to internal or external resources targeted by SSRF attacks.

prevent

Monitors and controls outbound communications at boundaries, mitigating SSRF by restricting access to spoofed network destinations.

References