PT-2026-58285 · Microsoft · Power Bi Report Server

Published

2026-07-14

·

Updated

2026-07-15

·

CVE-2026-58647

CVSS v3.1

8.0

High

VectorAV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Power BI Report Server versions prior to 15.0.1121.120
Description Improper neutralization of input during web page generation leads to cross-site scripting (XSS), a technique where malicious scripts are injected into trusted websites. This allows an authorized attacker to perform spoofing over a network by slipping deceptive content into the browsers of other users.
Recommendations Update Power BI Report Server to version 15.0.1121.120 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-58647

Affected Products

Power Bi Report Server