CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-26149

Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to perform spoofing over a network.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 22.0%

CVSS Severity

CVSS v3 Score 9.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26149

Products affected by CVE-2026-26149

Microsoft » Power Apps » Version: N/A

cpe:2.3:a:microsoft:power_apps:-
Microsoft » Power Apps » Version: 3.25121

cpe:2.3:a:microsoft:power_apps:3.25121

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-26149

Products

Pricing

Contact Us