Microsoft May 2026 Patch Tuesday, (Tue, May 12th)
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
Today’s Microsoft patch Tuesday fixes 137 different vulnerabilities. In addition, the update addresses 137 Chromium-related issues affecting Microsoft Edge.<\/p>\n
There are no already disclosed or already exploited vulnerabilities included in today’s patches. I removed the Chromium issues from the table below and\u00a0included only the 137 Microsoft issues to make it more readable.<\/p>\n
Note that issues related to Microsoft Azure are labeled as “no customer action required.\u00a0<\/p>\n
Significant Vulnerabilities of interest:<\/p>\n
CVE-2026-41103: This vulnerability affects the\u00a0Microsoft SSO Plugin for Jira & Confluence. Exploitation could lead to an elevation of privileges. With ongoing supply chain attacks, development and CI\/CD tools like Jira and Confluence are popular targets.\u00a0<\/p>\n
CVE-2026-41089: A preauthentication remote code execution vulnerability in the Netlogon service will always be a juicy target, worth some AI tokens to write an exploit for.<\/p>\n
Other critical vulnerabilities include the usual Word and Microsoft Office issues.<\/p>\n
| Description<\/th>\n<\/tr>\n | |||||||
|---|---|---|---|---|---|---|---|
| CVE<\/th>\n | Disclosed<\/th>\n | Exploited<\/th>\n | Exploitability (old versions)<\/th>\n | current version<\/th>\n | Severity<\/th>\n | CVSS Base (AVG)<\/th>\n | CVSS Temporal (AVG)<\/th>\n<\/tr>\n<\/thead>\n |
| .NET Core Tampering Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-32175%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 4.3<\/td>\n | 3.8<\/td>\n<\/tr>\n |
| .NET Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-32177%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.3<\/td>\n | 6.4<\/td>\n<\/tr>\n |
| %%cve:2026-35433%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.3<\/td>\n | 6.4<\/td>\n<\/tr>\n |
| ASP.NET Core Denial of Service Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-42899%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.5<\/td>\n | 6.5<\/td>\n<\/tr>\n |
| Azure AI Foundry Elevation of Privilege Vulnerability \n\t\t\t(no customer action required)<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-35435%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 8.6<\/td>\n | 7.5<\/td>\n<\/tr>\n |
| Azure Cloud Shell Spoofing Vulnerability \n\t\t\t(no customer action required)<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-35428%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 9.6<\/td>\n | 8.3<\/td>\n<\/tr>\n |
| Azure Connected Machine Agent Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-40381%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| Azure DevOps Information Disclosure Vulnerability \n\t\t\t(no customer action required)<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-42826%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 10.0<\/td>\n | 8.7<\/td>\n<\/tr>\n |
| Azure Logic Apps Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-42823%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 9.9<\/td>\n | 8.6<\/td>\n<\/tr>\n |
| Azure Machine Learning Notebook Spoofing Vulnerability \n\t\t\t(no customer action required)<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-32207%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 8.8<\/td>\n | 7.7<\/td>\n<\/tr>\n |
| %%cve:2026-33833%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 8.2<\/td>\n | 7.1<\/td>\n<\/tr>\n |
| Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability \n\t\t\t(no customer action required)<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-33109%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 9.9<\/td>\n | 8.6<\/td>\n<\/tr>\n |
| %%cve:2026-33844%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 9.0<\/td>\n | 7.8<\/td>\n<\/tr>\n |
| Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability \n\t\t\t(no customer action required)<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-41105%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 8.1<\/td>\n | 7.1<\/td>\n<\/tr>\n |
| Azure Monitor Agent Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-32204%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-42830%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 6.5<\/td>\n | 5.7<\/td>\n<\/tr>\n |
| Azure SDK for Java Security Feature Bypass Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-33117%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 9.1<\/td>\n | 7.9<\/td>\n<\/tr>\n |
| Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability \n\t\t\t(no customer action required)<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-33111%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 7.5<\/td>\n | 6.5<\/td>\n<\/tr>\n |
| Data Deduplication Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-41095%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-41109%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 8.8<\/td>\n | 7.7<\/td>\n<\/tr>\n |
| Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-35424%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.5<\/td>\n | 6.5<\/td>\n<\/tr>\n |
| M365 Copilot Information Disclosure Vulnerability \n\t\t\t(no customer action required)<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-26129%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 7.5<\/td>\n | 6.5<\/td>\n<\/tr>\n |
| %%cve:2026-26164%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 7.5<\/td>\n | 6.5<\/td>\n<\/tr>\n |
| M365 Copilot for Desktop Spoofing Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-41614%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 6.2<\/td>\n | 5.4<\/td>\n<\/tr>\n |
| Microsoft 365 Copilot for Android Spoofing Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-41100%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 4.4<\/td>\n | 3.9<\/td>\n<\/tr>\n |
| Microsoft Cryptographic Services Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-40377%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| Microsoft Data Formulator Remote Code Execution Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-41094%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 8.8<\/td>\n | 7.7<\/td>\n<\/tr>\n |
| Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-40417%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability \n\t\t\t(no customer action required)<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-33821%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 7.7<\/td>\n | 6.7<\/td>\n<\/tr>\n |
| Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-42898%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 9.9<\/td>\n | 8.6<\/td>\n<\/tr>\n |
| %%cve:2026-42833%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 9.1<\/td>\n | 7.9<\/td>\n<\/tr>\n |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-42838%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 5.4<\/td>\n | 4.7<\/td>\n<\/tr>\n |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-41107%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Moderate<\/td>\n | 7.4<\/td>\n | 6.4<\/td>\n<\/tr>\n |
| Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-42891%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Moderate<\/td>\n | 6.5<\/td>\n | 5.7<\/td>\n<\/tr>\n |
| %%cve:2026-35429%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Moderate<\/td>\n | 4.3<\/td>\n | 3.9<\/td>\n<\/tr>\n |
| %%cve:2026-40416%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Low<\/td>\n | 4.3<\/td>\n | 3.8<\/td>\n<\/tr>\n |
| Microsoft Enterprise Security Token Service (ESTS) Spoofing Vulnerability \n\t\t\t(no customer action required)<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-40379%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 9.3<\/td>\n | 8.1<\/td>\n<\/tr>\n |
| Microsoft Excel Information Disclosure Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-40360%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| Microsoft Excel Remote Code Execution Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-40359%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| %%cve:2026-40362%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-34329%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 8.8<\/td>\n | 7.7<\/td>\n<\/tr>\n |
| Microsoft Office Click-To-Run Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-40419%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| %%cve:2026-40418%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| %%cve:2026-35436%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 8.8<\/td>\n | 7.7<\/td>\n<\/tr>\n |
| %%cve:2026-40420%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 8.8<\/td>\n | 7.7<\/td>\n<\/tr>\n |
| Microsoft Office Remote Code Execution Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-40363%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 8.4<\/td>\n | 7.3<\/td>\n<\/tr>\n |
| %%cve:2026-42831%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| %%cve:2026-40358%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 8.4<\/td>\n | 7.3<\/td>\n<\/tr>\n |
| Microsoft Office Spoofing Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-42832%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.7<\/td>\n | 6.7<\/td>\n<\/tr>\n |
| Microsoft Outlook for iOS Tampering Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-42893%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.4<\/td>\n | 6.4<\/td>\n<\/tr>\n |
| Microsoft Partner Center Spoofing Vulnerability \n\t\t\t(no customer action required)<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-34327%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 8.2<\/td>\n | 7.1<\/td>\n<\/tr>\n |
| Microsoft Power Automate Desktop Information Disclosure Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-40374%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 6.5<\/td>\n | 5.7<\/td>\n<\/tr>\n |
| Microsoft PowerPoint for Android Spoofing Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-41102%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.1<\/td>\n | 6.2<\/td>\n<\/tr>\n |
| Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-41103%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 9.1<\/td>\n | 7.9<\/td>\n<\/tr>\n |
| Microsoft SharePoint Server Remote Code Execution Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-35439%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 8.8<\/td>\n | 7.7<\/td>\n<\/tr>\n |
| %%cve:2026-40368%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 8.0<\/td>\n | 7.0<\/td>\n<\/tr>\n |
| %%cve:2026-33110%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 8.8<\/td>\n | 7.7<\/td>\n<\/tr>\n |
| %%cve:2026-33112%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 8.8<\/td>\n | 7.7<\/td>\n<\/tr>\n |
| %%cve:2026-40357%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 8.8<\/td>\n | 7.7<\/td>\n<\/tr>\n |
| %%cve:2026-40365%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 8.8<\/td>\n | 7.7<\/td>\n<\/tr>\n |
| Microsoft Team Events Portal Information Disclosure Vulnerability \n\t\t\t(no customer action required)<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-33823%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 9.6<\/td>\n | 8.3<\/td>\n<\/tr>\n |
| Microsoft Teams Spoofing Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-32185%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 5.5<\/td>\n | 4.8<\/td>\n<\/tr>\n |
| Microsoft Word Information Disclosure Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-35440%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 5.5<\/td>\n | 4.8<\/td>\n<\/tr>\n |
| %%cve:2026-40421%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 4.3<\/td>\n | 3.8<\/td>\n<\/tr>\n |
| Microsoft Word Remote Code Execution Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-40364%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 8.4<\/td>\n | 7.3<\/td>\n<\/tr>\n |
| %%cve:2026-40366%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 8.4<\/td>\n | 7.3<\/td>\n<\/tr>\n |
| %%cve:2026-40361%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 8.4<\/td>\n | 7.3<\/td>\n<\/tr>\n |
| %%cve:2026-40367%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 8.4<\/td>\n | 7.3<\/td>\n<\/tr>\n |
| Microsoft Word for Android Spoofing Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-41101%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.1<\/td>\n | 6.2<\/td>\n<\/tr>\n |
| SQL Server Remote Code Execution Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-40370%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 8.8<\/td>\n | 7.7<\/td>\n<\/tr>\n |
| Secure Boot Security Feature Bypass Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-41097%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 6.7<\/td>\n | 5.8<\/td>\n<\/tr>\n |
| Visual Studio Code Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-41613%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 8.8<\/td>\n | 7.7<\/td>\n<\/tr>\n |
| Visual Studio Code Information Disclosure Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-41612%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 5.5<\/td>\n | 4.8<\/td>\n<\/tr>\n |
| Visual Studio Code Remote Code Execution Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-41611%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| Visual Studio Code Security Feature Bypass Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-41610%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 6.3<\/td>\n | 5.5<\/td>\n<\/tr>\n |
| Win32k Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-33839%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.0<\/td>\n | 6.1<\/td>\n<\/tr>\n |
| %%cve:2026-33840%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| %%cve:2026-34330%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| %%cve:2026-34331%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.0<\/td>\n | 6.1<\/td>\n<\/tr>\n |
| Windows 11 Telnet Client Information Disclosure Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-35423%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 5.4<\/td>\n | 4.7<\/td>\n<\/tr>\n |
| Windows Admin Center Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-35438%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 8.3<\/td>\n | 7.2<\/td>\n<\/tr>\n |
| Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-41086%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 8.8<\/td>\n | 7.7<\/td>\n<\/tr>\n |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-34344%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| %%cve:2026-34345%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.0<\/td>\n | 6.1<\/td>\n<\/tr>\n |
| %%cve:2026-35416%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.0<\/td>\n | 6.1<\/td>\n<\/tr>\n |
| %%cve:2026-41088%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-34343%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-35418%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| %%cve:2026-33835%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| %%cve:2026-34337%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-40407%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| %%cve:2026-40397%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| Windows DNS Client Remote Code Execution Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-41096%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 9.8<\/td>\n | 8.5<\/td>\n<\/tr>\n |
| Windows DWM Core Library Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-42896%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| Windows DWM Core Library Information Disclosure Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-35419%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 5.5<\/td>\n | 4.8<\/td>\n<\/tr>\n |
| %%cve:2026-34336%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| Windows Event Logging Service Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-33834%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-32209%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 4.4<\/td>\n | 3.9<\/td>\n<\/tr>\n |
| Windows GDI Remote Code Execution Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-35421%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| Windows Graphics Component Remote Code Execution Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-40403%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 8.8<\/td>\n | 7.7<\/td>\n<\/tr>\n |
| Windows Hyper-V Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-40402%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 9.3<\/td>\n | 8.1<\/td>\n<\/tr>\n |
| Windows Kernel Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-33841%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| %%cve:2026-35420%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| %%cve:2026-40369%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| Windows Kernel-Mode Driver Remote Code Execution Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-34332%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 8.0<\/td>\n | 7.0<\/td>\n<\/tr>\n |
| Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-34339%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 5.5<\/td>\n | 4.8<\/td>\n<\/tr>\n |
| Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-34341%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.0<\/td>\n | 6.1<\/td>\n<\/tr>\n |
| Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-33838%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-32161%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 7.5<\/td>\n | 6.5<\/td>\n<\/tr>\n |
| Windows Netlogon Remote Code Execution Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-41089%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Critical<\/td>\n | 9.8<\/td>\n | 8.5<\/td>\n<\/tr>\n |
| Windows Print Spooler Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-34342%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.0<\/td>\n | 6.1<\/td>\n<\/tr>\n |
| Windows Projected File System Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-34340%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.0<\/td>\n | 6.1<\/td>\n<\/tr>\n |
| Windows Remote Desktop Services Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-40398%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| Windows Rich Text Edit Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-21530%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 6.7<\/td>\n | 5.8<\/td>\n<\/tr>\n |
| %%cve:2026-32170%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 6.7<\/td>\n | 5.8<\/td>\n<\/tr>\n |
| Windows SMB Client Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-40410%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.0<\/td>\n | 6.1<\/td>\n<\/tr>\n |
| Windows Storage Spaces Controller Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-35415%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| Windows Storport Miniport Driver Denial of Service Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-34350%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 6.5<\/td>\n | 5.7<\/td>\n<\/tr>\n |
| Windows TCP\/IP Denial of Service Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-40405%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.5<\/td>\n | 6.5<\/td>\n<\/tr>\n |
| %%cve:2026-40414%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.4<\/td>\n | 6.4<\/td>\n<\/tr>\n |
| %%cve:2026-40401%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.1<\/td>\n | 6.2<\/td>\n<\/tr>\n |
| %%cve:2026-40413%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.4<\/td>\n | 6.4<\/td>\n<\/tr>\n |
| Windows TCP\/IP Driver Security Feature Bypass Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-35422%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 6.5<\/td>\n | 5.7<\/td>\n<\/tr>\n |
| Windows TCP\/IP Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-34351%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| %%cve:2026-40399%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| %%cve:2026-34334%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| Windows TCP\/IP Information Disclosure Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-40406%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.5<\/td>\n | 6.5<\/td>\n<\/tr>\n |
| Windows TCP\/IP Local Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-33837%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| Windows TCP\/IP Remote Code Execution Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-40415%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 8.1<\/td>\n | 7.1<\/td>\n<\/tr>\n |
| Windows Telephony Service Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-42825%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.0<\/td>\n | 6.1<\/td>\n<\/tr>\n |
| %%cve:2026-34338%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| %%cve:2026-40382%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| Windows Volume Manager Extension Driver Remote Code Execution Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-40380%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 6.2<\/td>\n | 5.4<\/td>\n<\/tr>\n |
| Windows WAN ARP Driver Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-40408%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| Windows Win32k Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n | |||||||
| %%cve:2026-34333%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n |
| %%cve:2026-34347%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.0<\/td>\n | 6.1<\/td>\n<\/tr>\n |
| %%cve:2026-35417%%<\/td>\n | No<\/td>\n | No<\/td>\n | –<\/td>\n | –<\/td>\n | Important<\/td>\n | 7.8<\/td>\n | 6.8<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n — (c) SANS Internet Storm Center. https:\/\/isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.<\/p><\/div>\n \t |