CVE-2026-21229

Power BI Remote Code Execution Vulnerability

Discovered by Jack Misiura on behalf of The Missing Link Security

Vulnerability Details

Improper input validation in Power BI allows an authorized attacker to execute code over a network.

Affected Versions

Affected from 1.6.0 before 15.0.1120.113

Fixed Versions

Versions after 15.0.1120.113

Acknowledgement of Country

The Missing Link acknowledges the Traditional Owners of the land where we work and live. We pay our respects to Elders past, present and emerging. We celebrate the stories, culture and traditions of Aboriginal and Torres Strait Islanders of all communities who also work and live on this land.