anonhaven
Ad

CVE-2026-32186

CRITICAL CVSS 3.1: 10.0 EPSS 0.09%
Updated Apr 07, 2026
Microsoft
Parameter Value
CVSS 10.0 (CRITICAL)
Type CWE-918 (Server-Side Request Forgery (SSRF))
Vendor Microsoft
Public PoC No

Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a network.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-918 Server-Side Request Forgery (SSRF)

References 1

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32186
secure@microsoft.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-33825

Microsoft

7.8

CVE-2026-33822

Microsoft

6.1

CVE-2026-33115

Microsoft

8.4

CVE-2026-33114

Microsoft

8.4

CVE-2026-33103

Microsoft

5.5