What the vulnerability does
01Description
Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-32186
CRITICAL
CVE-2026-32186: Microsoft Bing Elevation of Privilege Vulnerability
CVSS base score
10.0/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Key dates
02Disclosure timeline
April 3, 2026
CVE published
June 1, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2026-1249 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 5.3 - 5.10 - Authenticated (Author+) Server-Side Request Forgery
CVE-2024-13032 Antabot White-Jotter Article Editor editor server-side request forgery
CVE-2026-25545 Astro has Full-Read SSRF in error rendering via Host: header injection
CVE-2024-31461 Plane Server-Side Request Forgery (SSRF) Vulnerability
CVE-2024-48944 Apache Kylin: SSRF vulnerability in the diagnosis api
