CVE-2026-32172 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-32172 PUBLISHED CVSS 8 HIGH

Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.

Risk Scores

CVSS v3.1

8

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C

Affected Products

Vendor	Product	Versions
Microsoft	Microsoft Power Apps	-
microsoft	power-apps	*

Timeline

Apr 14, 2026 CVE Published
Apr 23, 2026 CVE Updated
Apr 24, 2026 Security Advisory
Apr 24, 2026 Security Advisory
May 5, 2026 Security Advisory

References

Microsoft Power Apps Remote Code Execution Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2026-32172 advisory

Open in Interactive Console →