External risk intelligence

Microsoft Dynamics NAV Deserialization Vulnerability Allows Network Code Execution

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2026-55944

Microsoft Dynamics NAV is an enterprise resource planning (ERP) system that is typically deployed within internal corporate networks. While it can be configured to be accessible over the internet for remote access or partner integration, it is not designed as a public-facing service by default.

Deserialization

Halo Surface Signal: 3 out of 5 — possibly public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

This advisory concerns a critical vulnerability in Microsoft Dynamics NAV, an enterprise resource planning system, that could allow an unauthorized attacker to execute code remotely over a network. The primary concern is confirming if your environment is exposed, as the direct business impact is currently unconfirmed.

  • Untrusted data can be misused to run unauthorized code.
  • Impacts critical business systems like Dynamics NAV.
  • Confirm relevance and potential exposure within your systems.

Attack Path

How an attacker could exploit the issue

An attacker could remotely send specially crafted data to an unauthenticated Microsoft Dynamics NAV instance. This data would be deserialized, allowing the attacker to execute arbitrary code on the system.

  • Network access required.
  • Deserializing untrusted data.
  • Remote code execution.

Live Threat

Current exploitation, exposure, and threat context

When supported, an unauthorized attacker could execute code over a network by exploiting a deserialization vulnerability in Microsoft Dynamics NAV. This could allow them to compromise the integrity and availability of the system, and potentially access sensitive information.

  • System code execution over a network.
  • Network-accessible deserialization of untrusted data.
  • Compromised system integrity and availability.

Operational Fix

Recommended remediation, mitigation, and detection steps

Given that this vulnerability impacts Microsoft Dynamics NAV, a critical ERP system, the primary responsibility for addressing it likely falls to the Application Owners and Infrastructure Teams managing the ERP environment. The initial practical step involves identifying all instances of Microsoft Dynamics NAV within the organization, determining their network exposure and business criticality, and locating the accountable system owner. Subsequently, a remediation plan should be developed based on the assessed risk, coordinating with relevant teams and potentially the vendor.

  • Application owners should take primary responsibility.
  • Verify network exposure and business criticality.
  • Plan remediation based on assessed risk.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is Microsoft Dynamics NAV?

Microsoft Dynamics NAV is an enterprise resource planning (ERP) software platform used by businesses to manage core functions like finance, supply chain, and operations. It serves as a central hub for organizational data and business processes, often integrating with various other internal applications and databases to maintain daily operations.

What does deserialization of untrusted data mean for CVE-2026-55944?

This refers to a weakness classified as CWE-502. In simple terms, the software takes data from an outside source and converts it into an internal object without sufficient validation. If the software trusts this incoming data too much, an attacker can manipulate it to trick the system into running unauthorized commands or programs.

How does an attacker trigger this vulnerability?

An attacker triggers this by sending specially crafted data packets over a network to a vulnerable instance of the software. It is important to note that the flaw is not triggered by standard, legitimate user interactions or typical business data traffic; it requires the successful delivery of malicious input specifically designed to exploit the way the software handles data structures.

Do I need to worry if my Dynamics NAV instance is internal?

Yes, but your risk profile differs from internet-exposed systems. According to Halo Surface Signal, this software is typically kept inside corporate networks. While being internal provides a layer of protection, an attacker who has already breached your network perimeter could still target this service. Assess if your specific deployment is reachable from segments beyond your core trusted users.

How should I begin responding to this threat?

Start by conducting a thorough inventory to locate every instance of Dynamics NAV running in your environment. Once identified, work with the specific application owners to document the network placement and business importance of each instance. Use this information to prioritize which systems need immediate review and remediation planning to mitigate potential unauthorized code execution risks.

References