Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.
Microsoft Data Formulator
Exploit
CVE-2026-41094
Microsoft MSRC
Microsoft Patch Tuesday