Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103)
Tenable, archived May 12, 2026
5-minute read May 12 2026
By Research Special Operations
Critical: 16 | Important: 102 | Moderate: 0 | Low: 0
Microsoft addresses 118 CVEs in its May 2026 Patch Tuesday release. For the first time since June 2024, the release contains no zero-days that were exploited in the wild or publicly disclosed.
Microsoft patched 118 CVEs in its May 2026 Patch Tuesday release, with 16 rated critical and 102 rated as important. Our counts omitted CVE-2025-54518, an AMD CPU OP Cache Corruption vulnerability issued by AMD.
This month’s update includes patches for:
.NET
ASP.NET Core
Azure AI Foundry M365 published agents
Azure Cloud Shell
Azure Connected Machine Agent
Azure DevOps
Azure Entra ID
Azure Logic Apps
Azure Machine Learning
Azure Managed Instance for Apache Cassandra
Azure Monitor Agent
Azure Notification Service
Azure SDK
Copilot Chat (Microsoft Edge)
Data Deduplication
Dynamics Business Central
GitHub Copilot and Visual Studio
M365 Copilot
M365 Copilot for Desktop
Microsoft Data Formulator
Microsoft Dynamics 365 (on-premises)
Microsoft Dynamics 365 Customer Insights
Microsoft Edge (Chromium-based)
Microsoft Edge for Android
Microsoft Office
Microsoft Office Click-To-Run
Microsoft Office Excel
Microsoft Office PowerPoint
Microsoft Office SharePoint
Microsoft Office Word
Microsoft Partner Center
Microsoft SSO Plugin for Jira & Confluence
Microsoft Teams
Microsoft Windows DNS
Power Automate
SQL Server
Telnet Client
Visual Studio Code
Windows Admin Center
Windows Ancillary Function Driver for WinSock
Windows Application Identity (AppID) Subsystem
Windows Cloud Files Mini Filter Driver
Windows Common Log File System Driver
Windows Cryptographic Services
Windows DWM Core Library
Windows Event Logging Service
Windows Filtering Platform (WFP)
Windows GDI
Windows Hyper-V
Windows Internet Key Exchange (IKE) Protocol
Windows Kernel
Windows Kernel-Mode Drivers
Windows LDAP - Lightweight Directory Access Protocol
Windows Link-Layer Discovery Protocol (LLDP)
Windows Message Queuing
Windows Native WiFi Miniport Driver
Windows Netlogon
Windows Print Spooler Components
Windows Projected File System
Windows Remote Desktop
Windows Rich Text Edit
Windows Rich Text Edit Control
Windows SMB Client
Windows Secure Boot
Windows Storage Spaces Controller
Windows Storport Miniport Driver
Windows TCP/IP
Windows Telephony Service
Windows Volume Manager Extension Driver
Windows Win32K - GRFX
Windows Win32K - ICOMP
Elevation of Privilege (EoP) vulnerabilities accounted for 48.3% of the vulnerabilities patched this month, followed by remote code execution (RCE) vulnerabilities at 24.6%.
Critical
CVE-2026-41103 | Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability
CVE-2026-41103 is an elevation of privilege vulnerability affecting Microsoft Single-Sign-On (SSO) Plugin for Jira & Confluence. It was assigned a CVSSv3 score of 9.1 and is rated as critical. It was assessed as "Exploitation More Likely" according to Microsoft's Exploitability Index. An unauthorized attacker could exploit this vulnerability during the process of logging in by sending a specially crafted response message. Successful exploitation would allow the attacker to sign in using a forged identity without Microsoft Entra ID authentication, enabling the attacker to access or modify data in Jira and Confluence. However, the accessible information is not unfettered, as it is limited by the access defined by the targeted servers for the authorized user.
Important
CVE-2026-33841, CVE-2026-35420, CVE-2026-40369 | Windows Kernel Elevation of Privilege Vulnerabilities
CVE-2026-33841, CVE-2026-35420 and CVE-2026-40369 are EoP vulnerabilities affecting the Windows Kernel. Each of the flaws has been assigned a CVSSv3 score of 7.8 and rated as important. Both CVE-2026-33841 and CVE-2026-40369 were assessed as "Exploitation More Likely." These flaws could be abused by a local attacker to elevate to SYSTEM, or to Medium/High integrity level in the case of CVE-2026-33841. Including these three EoPs, there have been 13 disclosed Windows Kernel EoP vulnerabilities addressed so far in 2026.
Critical
CVE-2026-40361, CVE-2026-40364, CVE-2026-40366 and CVE-2026-40367 | Microsoft Word Remote Code Execution Vulnerabilities
CVE-2026-40361, CVE-2026-40364, CVE-2026-40366 and CVE-2026-40367 are RCE vulnerabilities affecting Microsoft Word. Each of these RCEs was assigned a CVSSv3 score of 8.4 and rated as critical, though CVE-2026-40361 and CVE-2026-40364 were the only ones assessed to be “Exploitation More Likely.” An attacker could exploit these flaws through social engineering by sending the malicious file to an intended target. Successful exploitation would grant code execution privileges to the attacker. Additionally, Microsoft notes that the Preview Pane is an attack vector for each of these vulnerabilities.
Critical
CVE-2026-41089 | Windows Netlogon Remote Code Execution Vulnerability
CVE-2026-41089 is an RCE vulnerability affecting Windows Netlogon, a Windows Server process used for authentication within a domain. It was assigned a CVSSv3 score of 9.8 and rated as critical. A remote, unauthenticated attacker could exploit this flaw by sending a crafted network request to a Windows server running as a domain controller. This packet could exploit a stack-based buffer overflow flaw, allowing the attacker to execute code on an affected system. Despite the critical severity and near-perfect CVSSv3 score, this flaw was assessed by Microsoft as “Exploitation Less Likely.”
Tenable Solutions
A list of all the plugins released for Microsoft’s May 2026 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.
For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.
Join Tenable's Research Special Operations (RSO) Team on Tenable Connect for further discussions on the latest cyber threats.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
Microsoft's May 2026 Security Updates
Tenable plugins for Microsoft May 2026 Patch Tuesday Security Updates