CVE-2026-55944 is a deserialization of untrusted data vulnerability in Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) that can lead to remote code execution. Microsoft rates it Critical with a CVSS v3.1 base score of 9.8 and temporal score of 8.5. The vector is network-based, with low attack complexity, no privileges required, and no user interaction required. Microsoft indicates no public disclosure and no known exploitation, but marks exploitation as more likely. For enterprise environments, this is a high-risk issue because it affects network-reachable services and does not require authentication or user interaction. Highlights: - CVSS scores: Base 9.8 - Temporal 8.5 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation More Likely - network vector, LOW attack complexity, NO privileges required, and NO user interaction required. - Severity for enterprise: Critical; highest concern for internet-facing or otherwise network-exposed Dynamics NAV / Business Central on-premises servers because exploitation can occur remotely without authentication or user interaction. - Patch status: available; customer action required. Affected systems: - Microsoft Dynamics NAV (On Premises) - Microsoft Dynamics 365 Business Central (On Premises)