{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/data-formulator/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-41094"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Data Formulator"],"_cs_severities":["high"],"_cs_tags":["code-injection","cve"],"_cs_type":"advisory","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eCVE-2026-41094 is a code injection vulnerability affecting Microsoft Data Formulator. According to the NVD and Microsoft\u0026rsquo;s advisory, an unauthorized attacker can exploit this vulnerability to execute arbitrary code over a network. The vulnerability stems from improper control of code generation within the Data Formulator. Successful exploitation requires network access to the vulnerable Data Formulator instance. Given the high CVSS score (8.8), this vulnerability poses a significant risk, potentially allowing attackers to gain control of affected systems and networks.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable instance of Microsoft Data Formulator accessible over the network.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request containing injected code. This could involve manipulating input fields or parameters processed by the Data Formulator.\u003c/li\u003e\n\u003cli\u003eThe malicious request is sent to the vulnerable Data Formulator instance.\u003c/li\u003e\n\u003cli\u003eThe Data Formulator processes the malicious request, improperly generating code based on the attacker-supplied input.\u003c/li\u003e\n\u003cli\u003eThe injected code is executed within the context of the Data Formulator application.\u003c/li\u003e\n\u003cli\u003eDepending on the injected code, the attacker can achieve various objectives, such as executing system commands, accessing sensitive data, or establishing a persistent backdoor.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the executed code to move laterally within the network, potentially compromising other systems.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-41094 allows an attacker to execute arbitrary code on systems running Microsoft Data Formulator. The vulnerability has a CVSS v3.1 score of 8.8, indicating a high severity. This can lead to complete system compromise, data breaches, and potential lateral movement within the network.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security update provided by Microsoft to patch CVE-2026-41094 as soon as possible; reference the advisory URL in the references section.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Suspicious Data Formulator Code Injection\u0026rdquo; to your SIEM to identify potential exploitation attempts based on web requests.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious activity targeting Microsoft Data Formulator instances.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-12T18:51:11Z","date_published":"2026-05-12T18:51:11Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-41094-data-formulator-code-injection/","summary":"CVE-2026-41094 is a code injection vulnerability in Microsoft Data Formulator, allowing an unauthorized attacker to execute arbitrary code over a network.","title":"CVE-2026-41094: Microsoft Data Formulator Code Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-41094-data-formulator-code-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Data Formulator","version":"https://jsonfeed.org/version/1.1"}