Cyber Posture

CVE-2026-40417

High

Published: 12 May 2026

Published
12 May 2026
Modified
12 May 2026
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score N/A
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-40417 is a high-severity Weak Authentication (CWE-1390) vulnerability. Its CVSS base score is 7.8 (High).

Operationally, it is not currently listed in the CISA KEV catalog.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

AC-9 Previous Logon Notification
addresses: CWE-1390

Helps detect exploitation of weak authentication mechanisms by notifying of previous unauthorized logons.

IA-1 Policy and Procedures
addresses: CWE-1390

The IA policy requires strong authentication methods, reducing use of weak authentication.

IA-10 Adaptive Authentication
addresses: CWE-1390

Enforces dynamic, context-aware authentication that mitigates weak static authentication by increasing requirements based on risk or conditions.

IA-2 Identification and Authentication (Organizational Users)
addresses: CWE-1390

Enforces authentication for users, reducing the viability of weak authentication mechanisms.

IA-7 Cryptographic Module Authentication
addresses: CWE-1390

Requires authentication mechanisms to meet applicable standards and guidelines, preventing weak authentication.

NVD Description

Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s)
CWE-1390

References