CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2026-33819

CVSS 10.0v3.1pub. 2026-04-23upd. 2026-05-05

Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.

🤖 AI Analysis
How it works

The attack mechanism is based on CWE-502 error — deserialization of untrusted input data. The attacker sends a crafted payload to the vulnerable Microsoft Bing component, which then deserializes its contents without proper validation. This leads to the application executing malicious code supplied by the attacker. The attack does not require authentication, user interaction, or special privileges, and its scope extends beyond the boundary of the directly attacked component (Scope: Changed).

Impact

An attacker can gain full control over the vulnerable system, including confidentiality, integrity, and availability of data — which corresponds to the maximum impact level in all three CVSS categories. Successful exploitation of the vulnerability can lead to environment takeover, data theft, or further lateral movement in the infrastructure.

Mitigation & patch

Patches available from the vendor should be applied in accordance with the references: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33819. If immediate patch deployment is not possible, it is recommended to restrict network access to vulnerable components and increase monitoring of network traffic for anomalies.

Who is affected

Microsoft Bing — versions indicated in vendor references (Microsoft Security Response Center)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Microsoft Bing

    APP
    Microsoft
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Deserialization
CWE
References

Related vulnerabilities

CVE-2026-32186CRITICAL10.0PL ✓ten sam produkt

SSRF w Microsoft Bing umożliwia eskalację uprawnień przez sieć

CVE-2025-21355HIGH8.6ten sam produkt

Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code...

CVE-2026-45650MEDIUM4.3ten sam produkt

User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacke...

CVE-2026-26120MEDIUM6.5ten sam produkt

Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to perform tampering over...

CVE-2021-33753MEDIUM4.7ten sam produkt

Microsoft Bing Search Spoofing Vulnerability