Submit finding

All findings

CVE-2026-32191 critical

Microsoft Bing Images OS command injection credited by XBOW

CVE-2026-32191 is a critical Bing Images remote-code-execution issue that XBOW lists among autonomous findings in Microsoft software.

Bug class
OS command injection -> remote code execution
Affected codebase
Microsoft Bing Images
Credited system
XBOW
Disclosed
March 19, 2026
Attribution
Self-reported attribution
Severity
critical
Source status: XBOW self-report of AI attribution, corroborated by NVD/MSRC for the CVE, product, class, and severity.

Summary

CVE-2026-32191 is a Microsoft Bing Images remote-code-execution vulnerability. NVD describes it as improper neutralization of special elements used in an OS command, allowing an unauthorized attacker to execute code over a network.

XBOW lists CVE-2026-32191 as one of two critical Bing remote-code-execution issues that followed its March 2026 Microsoft Devices Pricing Program finding.

Attribution confidence

This is a self-reported AI-attributed finding. The NVD/MSRC record confirms the underlying vulnerability and severity. The autonomous-discovery claim is sourced to XBOW’s write-up.

We keep the entry because excluding self-reported but CVE-corroborated AI findings would erase an important part of the public record. We label it because direct upstream credit is stronger evidence.

References

Catalogued in the Bugflation public ledger. Disagree with the attribution or severity label? Email the desk.