Cyber Resilience

CVE-2026-40417

HighUpdated

Published: 12 May 2026

Published
12 May 2026
Modified
03 June 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0004 14.4th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-40417 is a high-severity Weak Authentication (CWE-1390) vulnerability in Microsoft Dynamics 365 Business Central. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 14.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local privilege escalation via weak authentication directly matches exploitation of a software vulnerability for elevation of privileges.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-47995Same vendor: Microsoft
CVE-2026-21231Same vendor: Microsoft
CVE-2026-32091Same vendor: Microsoft
CVE-2026-25174Same vendor: Microsoft
CVE-2026-42823Same vendor: Microsoft
CVE-2025-59247Same vendor: Microsoft
CVE-2025-49687Same vendor: Microsoft
CVE-2026-27920Same vendor: Microsoft
CVE-2026-27924Same vendor: Microsoft
CVE-2026-20923Same vendor: Microsoft

Affected Assets

microsoft
dynamics 365 business central
2024, 2025, 2026

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-1390

Helps detect exploitation of weak authentication mechanisms by notifying of previous unauthorized logons.

addresses: CWE-1390

The IA policy requires strong authentication methods, reducing use of weak authentication.

addresses: CWE-1390

Enforces dynamic, context-aware authentication that mitigates weak static authentication by increasing requirements based on risk or conditions.

addresses: CWE-1390

Enforces authentication for users, reducing the viability of weak authentication mechanisms.

addresses: CWE-1390

Requires authentication mechanisms to meet applicable standards and guidelines, preventing weak authentication.

References