cve-2026-40374

About this tag
CVE-2026-40374 is a confirmed information disclosure vulnerability in Microsoft Power Automate Desktop, as published in Microsoft's Security Update Guide. The flaw affects the desktop automation product, which often has access to browsers, credentials, business applications, file shares, and unattended workflows. While the advisory is sparse, the vulnerability is significant because Power Automate Desktop sits in a dangerous middle ground as a low-code convenience layer. An information disclosure bug in this context may not appear severe on a severity dashboard, but it can serve as quiet connective tissue for a larger compromise. Discussions on WindowsForum cover the implications of this vulnerability and the importance of applying the patch.
  1. CVE-2026-40374: Patch Microsoft Power Automate Desktop Info Disclosure

    Microsoft has published CVE-2026-40374 as a Microsoft Power Automate Desktop information disclosure vulnerability in its Security Update Guide, identifying the issue as a confirmed flaw in the desktop automation product rather than a speculative or third-party-only report. The sparse advisory...