Microsoft Dynamics 365 (on-premises) < 9.1.44.15 Information Disclosure (April 2026)

medium Nessus Plugin ID 307011

Synopsis

The Microsoft Dynamics 365 (on-premises) is affected by an information disclosure vulnerability.

Description

The Microsoft Dynamics 365 (on-premises) is missing security updates. It is, therefore, affected by an information disclosure vulnerability:

- Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally. (CVE-2026-33103)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Microsoft has released the following security updates to address this issue:
-KB5078943

Plugin Details

Severity: Medium

ID: 307011

File Name: smb_nt_ms26_apr_microsoft_dynamics_1_44.nasl

Version: 1.1

Type: Local

Agent: windows

Family: Windows : Microsoft Bulletins

Published: 4/17/2026

Updated: 4/17/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:N

CVSS Score Source: CVE-2026-33103

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Vulnerability Information

CPE: cpe:/a:microsoft:dynamics_365

Required KB Items: installed_sw/Microsoft Dynamics 365 Server

Patch Publication Date: 4/14/2026

Vulnerability Publication Date: 4/14/2026

Reference Information

CVE: CVE-2026-33103

CWE: 284

IAVA: 2026-A-0350

MSFT: MS26-5078943

MSKB: 5078943

Detections

Analytics

Microsoft Dynamics 365 (on-premises) < 9.1.44.15 Information Disclosure (April 2026)

medium Nessus Plugin ID 307011

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

VPR

CVSS v2

CVSS v3

Vulnerability Information

Reference Information