Vulnerability Details CVE-2026-58647
Improper neutralization of input during web page generation ('cross-site scripting') in Power BI allows an authorized attacker to perform spoofing over a network.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 27.0%
CVSS Severity
CVSS v3 Score 8.0
Products affected by CVE-2026-58647
-
cpe:2.3:a:microsoft:power_bi_report_server:-
-
cpe:2.3:a:microsoft:power_bi_report_server:15.0.1103.234
-
cpe:2.3:a:microsoft:power_bi_report_server:15.0.1104.300
-
cpe:2.3:a:microsoft:power_bi_report_server:15.0.1107.165
-
cpe:2.3:a:microsoft:power_bi_report_server:15.0.1111.115