CVE-2026-41094

Improper control of generation of code (‘code injection’) in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.

More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41094