CVE-2026-40417
Published: 12 May 2026
Summary
CVE-2026-40417 is a high-severity Weak Authentication (CWE-1390) vulnerability in Microsoft Dynamics 365 Business Central. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 14.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-29674
Vulnerability details
Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local privilege escalation via weak authentication directly matches exploitation of a software vulnerability for elevation of privileges.
CVEs Like This One
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Helps detect exploitation of weak authentication mechanisms by notifying of previous unauthorized logons.
The IA policy requires strong authentication methods, reducing use of weak authentication.
Enforces dynamic, context-aware authentication that mitigates weak static authentication by increasing requirements based on risk or conditions.
Enforces authentication for users, reducing the viability of weak authentication mechanisms.
Requires authentication mechanisms to meet applicable standards and guidelines, preventing weak authentication.