CVE-2026-40374
Analyzed Analyzed - Analysis Complete
BaseFortify

Publication date: 2026-05-12

Last updated on: 2026-05-19

Assigner: Microsoft Corporation

Description
Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-12
Last Modified
2026-05-19
Generated
2026-05-20
EPSS Evaluated
2026-05-19
NVD
CVE-2026-40374
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
microsoft power_automate_for_desktop to 2.67 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart