CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2026-32186

CVSS 10.0v3.1pub. 2026-04-03upd. 2026-04-13

Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a network.

🤖 AI Analysis
How it works

The SSRF (CWE-918) vulnerability consists of the application server executing network requests based on data supplied by an attacker, without proper validation. An unauthorized attacker can manipulate requests sent by the Microsoft Bing server, directing them to internal resources or other systems. The attack vector is network-based, requires no authentication or user interaction, and the scope of the breach extends beyond the directly attacked component (S:C in the CVSS vector).

Impact

An attacker can obtain unauthorized privilege escalation, which combined with maximum impact on confidentiality, integrity and availability (C:H/I:H/A:H) can lead to takeover of service resources or gaining access to internal infrastructure.

Mitigation & patch

Apply patches available from the vendor according to references: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32186

Who is affected

Microsoft Bing — versions indicated in the vendor's references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Microsoft Bing

    APP
    Microsoft
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
SSRF
CWE
References

Related vulnerabilities

CVE-2026-33819CRITICAL10.0PL ✓ten sam produkt

Zdalna deserializacja danych w Microsoft Bing umożliwia RCE

CVE-2025-21355HIGH8.6ten sam produkt

Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code...

CVE-2026-45650MEDIUM4.3ten sam produkt

User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacke...

CVE-2026-26120MEDIUM6.5ten sam produkt

Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to perform tampering over...

CVE-2021-33753MEDIUM4.7ten sam produkt

Microsoft Bing Search Spoofing Vulnerability