Microsoft is publishing 137 vulnerabilities on May 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild or public disclosure for any of these vulnerabilities. So far this month, Microsoft has provided patches to address 133 browser vulnerabilities, which are not included in the Patch Tuesday count above.

Windows Netlogon: critical RCE

Anyone responsible for securing a domain controller should prioritize remediation of CVE-2026-41089, which is a critical stack-based buffer overflow in Windows Netlogon with a CVSS v3 base score of 9.8. Exploitation leads to execution in the context of the Netlogon service, so that’s SYSTEM privileges on the domain controller. For most pentesters, that’s the point at which the customer report more or less writes itself. No privileges or user interaction are required, and attack complexity is low, which suggests that creation of a reliable exploit might not be especially difficult for anyone with knowledge of the specific mechanism.

Microsoft assesses exploitation as less likely, but since those exploitability assessments are provided without an accompanying explanation, it’s not clear how much reassurance defenders should take. Anyone who remembers the much-discussed CVE-2020-1472 (aka ZeroLogon) back in 2020 will note that CVE-2026-41089 offers an attacker more immediate control of a domain controller. Patches are available for all versions of Windows Server from 2012 onwards.

Windows DNS Client: critical RCE

An attacker looking for a master key for Windows assets will pay attention to CVE-2026-41096, a critical RCE in the Windows DNS client implementation. A modern computer talks to DNS the way a child in the back of a car asks “are we there yet?” The variable and complex structure of DNS responses means that DNS client implementations are also complex and thus prone to flaws. Microsoft assesses exploitation as less likely, and we can hope that modern mitigations such as heap address randomization and optional-but-recommended encrypted channel DNS will make weaponization significantly more challenging by putting barriers across specific paths to exploitation. The DNS client on Windows runs as the NetworkService role, rather than SYSTEM, but a foothold is a foothold, and skilled attackers expect to chain exploits together.

JIRA/Confluence Entra ID auth plugin: critical EoP

If you’re still self-hosting Atlassian JIRA or Confluence and relying on the Microsoft Entra ID authentication plugin, you’ll want to know about CVE-2026-41103. This critical elevation of privilege vulnerability allows an unauthorized attacker to impersonate an existing user by presenting forged credentials, thus bypassing Entra ID. Microsoft expects that exploitation is more likely. Even if you can’t always find what you want on the corporate Confluence, a motivated attacker probably will. Curiously, the patch links on the advisory lead to older versions of the plugins published in 2024.

Microsoft WARP team

Microsoft’s WARP team is credited with multiple critical vulnerabilities today, after making their first appearance in MSRC advisory acknowledgements in last month’s Patch Tuesday. We can speculate that they likely know a great deal about the current state of AI-powered vulnerability research as it applies to Microsoft products.

Microsoft lifecycle update

There are no significant Microsoft product lifecycle changes this month. Microsoft .NET 9 STS (Standard Term Support, as distinct from Long Term Support) was originally scheduled to move past the end of support in May 2026, but late last year, Microsoft granted a six-month extension, so that .NET 9 STS now reaches end of support on November 10, 2026.

Summary charts
Summary tables

Apps vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2026-26129 | M365 Copilot Information Disclosure Vulnerability | N/A | No | 7.5 |
| CVE-2026-26164 | M365 Copilot Information Disclosure Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-41614 | M365 Copilot for Desktop Spoofing Vulnerability | Exploitation Less Likely | No | 6.2 |
| CVE-2026-41100 | Microsoft 365 Copilot for Android Spoofing Vulnerability | Exploitation Unlikely | No | 4.4 |
| CVE-2026-42832 | Microsoft Office Spoofing Vulnerability | Exploitation Unlikely | No | 7.7 |
| CVE-2026-41101 | Microsoft Word for Android Spoofing Vulnerability | Exploitation Unlikely | No | 7.1 |

Azure vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2026-35435 | Azure AI Foundry Elevation of Privilege Vulnerability | Exploitation More Likely | No | 8.6 |
| CVE-2026-35428 | Azure Cloud Shell Spoofing Vulnerability | N/A | No | 9.6 |
| CVE-2026-32207 | Azure Machine Learning Notebook Spoofing Vulnerability | n/a | No | 8.8 |
| CVE-2026-33109 | Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability | N/A | No | 9.9 |
| CVE-2026-33844 | Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability | N/A | No | 9.0 |
| CVE-2026-41105 | Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability | N/A | No | 8.1 |
| CVE-2026-40379 | Microsoft Enterprise Security Token Service (ESTS) Spoofing Vulnerability | N/A | No | 9.3 |
| CVE-2026-34327 | Microsoft Partner Center Spoofing Vulnerability | N/A | No | 8.2 |
| CVE-2026-40381 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-42823 | Azure Logic Apps Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 9.9 |
| CVE-2026-33833 | Azure Machine Learning Notebook Spoofing Vulnerability | Exploitation Less Likely | No | 8.2 |
| CVE-2026-32204 | Azure Monitor Agent Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-42830 | Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 6.5 |
| CVE-2026-33117 | Azure SDK for Java Security Feature Bypass Vulnerability | Exploitation Unlikely | No | 9.1 |
| CVE-2026-41103 | Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability | Exploitation More Likely | No | 9.1 |
| CVE-2026-41086 | Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.8 |

Browser vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2026-7898 | Chromium: CVE-2026-7898 Use after free in Chromoting | n/a | No | |
| CVE-2026-7899 | Chromium: CVE-2026-7899 Out of bounds read and write in V8 | n/a | No | |
| CVE-2026-7900 | Chromium: CVE-2026-7900 Heap buffer overflow in ANGLE | n/a | No | |
| CVE-2026-7901 | Chromium: CVE-2026-7901 Use after free in ANGLE | n/a | No | |
| CVE-2026-7902 | Chromium: CVE-2026-7902 Out of bounds memory access in V8 | n/a | No | |
| CVE-2026-7903 | Chromium: CVE-2026-7903 Integer overflow in ANGLE | n/a | No | |
| CVE-2026-7904 | Chromium: CVE-2026-7904 Out of bounds read in Fonts | n/a | No | |
| CVE-2026-7906 | Chromium: CVE-2026-7906 Use after free in SVG | n/a | No | |
| CVE-2026-7907 | Chromium: CVE-2026-7907 Use after free in DOM | n/a | No | |
| CVE-2026-7908 | Chromium: CVE-2026-7908 Use after free in Fullscreen | n/a | No | |
| CVE-2026-7909 | Chromium: CVE-2026-7909 Inappropriate implementation in ServiceWorker | n/a | No | |
| CVE-2026-7910 | Chromium: CVE-2026-7910 Use after free in Views | n/a | No | |
| CVE-2026-7911 | Chromium: CVE-2026-7911 Use after free in Aura | n/a | No | |
| CVE-2026-7914 | Chromium: CVE-2026-7914 Type Confusion in Accessibility | n/a | No | |
| CVE-2026-7916 | Chromium: CVE-2026-7916 Insufficient data validation in InterestGroups | n/a | No | |
| CVE-2026-7917 | Chromium: CVE-2026-7917 Use after free in Fullscreen | n/a | No | |
| CVE-2026-7918 | Chromium: CVE-2026-7918 Use after free in GPU | n/a | No | |
| CVE-2026-7919 | Chromium: CVE-2026-7919 Use after free in Aura | n/a | No | |
| CVE-2026-7920 | Chromium: CVE-2026-7920 Use after free in Skia | n/a | No | |
| CVE-2026-7921 | Chromium: CVE-2026-7921 Use after free in Passwords | n/a | No | |
| CVE-2026-7922 | Chromium: CVE-2026-7922 Use after free in ServiceWorker | n/a | No | |
| CVE-2026-7923 | Chromium: CVE-2026-7923 Out of bounds write in Skia | n/a | No | |
| CVE-2026-7924 | Chromium: CVE-2026-7924 Uninitialized Use in Dawn | n/a | No | |
| CVE-2026-7925 | Chromium: CVE-2026-7925 Use after free in Chromoting | n/a | No | |
| CVE-2026-7926 | Chromium: CVE-2026-7926 Use after free in PresentationAPI | n/a | No | |
| CVE-2026-7927 | Chromium: CVE-2026-7927 Type Confusion in Runtime | n/a | No | |
| CVE-2026-7928 | Chromium: CVE-2026-7928 Use after free in WebRTC | n/a | No | |
| CVE-2026-7929 | Chromium: CVE-2026-7929 Use after free in MediaRecording | n/a | No | |
| CVE-2026-7930 | Chromium: CVE-2026-7930 Insufficient validation of untrusted input in Cookies | n/a | No | |
| CVE-2026-7932 | Chromium: CVE-2026-7932 Insufficient policy enforcement in Downloads | n/a | No | |
| CVE-2026-7933 | Chromium: CVE-2026-7933 Out of bounds read in WebCodecs | n/a | No | |
| CVE-2026-7934 | Chromium: CVE-2026-7934 Insufficient validation of untrusted input in Popup Blocker | n/a | No | |
| CVE-2026-7935 | Chromium: CVE-2026-7935 Inappropriate implementation in Speech | n/a | No | |
| CVE-2026-7936 | Chromium: CVE-2026-7936 Object lifecycle issue in V8 | n/a | No | |
| CVE-2026-7937 | Chromium: CVE-2026-7937 Insufficient policy enforcement in DevTools | n/a | No | |
| CVE-2026-7938 | Chromium: CVE-2026-7938 Use after free in CSS | n/a | No | |
| CVE-2026-7939 | Chromium: CVE-2026-7939 Inappropriate implementation in SanitizerAPI | n/a | No | |
| CVE-2026-7940 | Chromium: CVE-2026-7940 Use after free in V8 | n/a | No | |
| CVE-2026-7942 | Chromium: CVE-2026-7942 Integer overflow in ANGLE | n/a | No | |
| CVE-2026-7943 | Chromium: CVE-2026-7943 Insufficient validation of untrusted input in ANGLE | n/a | No | |
| CVE-2026-7944 | Chromium: CVE-2026-7944 Insufficient validation of untrusted input in Persistent Cache | n/a | No | |
| CVE-2026-7945 | Chromium: CVE-2026-7945 Insufficient validation of untrusted input in COOP | n/a | No | |
| CVE-2026-7946 | Chromium: CVE-2026-7946 Insufficient policy enforcement in WebUI | n/a | No | |
| CVE-2026-7947 | Chromium: CVE-2026-7947 Insufficient validation of untrusted input in Network | n/a | No | |
| CVE-2026-7948 | Chromium: CVE-2026-7948 Race in Chromoting | n/a | No | |
| CVE-2026-7949 | Chromium: CVE-2026-7949 Out of bounds read in Skia | n/a | No | |
| CVE-2026-7950 | Chromium: CVE-2026-7950 Out of bounds read and write in GFX | n/a | No | |
| CVE-2026-7951 | Chromium: CVE-2026-7951 Out of bounds write in WebRTC | n/a | No | |
| CVE-2026-7952 | Chromium: CVE-2026-7952 Insufficient policy enforcement in Extensions | n/a | No | |
| CVE-2026-7953 | Chromium: CVE-2026-7953 Insufficient validation of untrusted input in Omnibox | n/a | No | |
| CVE-2026-7954 | Chromium: CVE-2026-7954 Race in Shared Storage | n/a | No | |
| CVE-2026-7955 | Chromium: CVE-2026-7955 Uninitialized Use in GPU | n/a | No | |
| CVE-2026-7956 | Chromium: CVE-2026-7956 Use after free in Navigation | n/a | No | |
| CVE-2026-7957 | Chromium: CVE-2026-7957 Out of bounds write in Media | n/a | No | |
| CVE-2026-7958 | Chromium: CVE-2026-7958 Inappropriate implementation in ServiceWorker | n/a | No | |
| CVE-2026-7959 | Chromium: CVE-2026-7959 Inappropriate implementation in Navigation | n/a | No | |
| CVE-2026-7960 | Chromium: CVE-2026-7960 Race in Speech | n/a | No | |
| CVE-2026-7961 | Chromium: CVE-2026-7961 Insufficient validation of untrusted input in Permissions | n/a | No | |
| CVE-2026-7962 | Chromium: CVE-2026-7962 Insufficient policy enforcement in DirectSockets | n/a | No | |
| CVE-2026-7963 | Chromium: CVE-2026-7963 Inappropriate implementation in ServiceWorker | n/a | No | |
| CVE-2026-7964 | Chromium: CVE-2026-7964 Insufficient validation of untrusted input in FileSystem | n/a | No | |
| CVE-2026-7965 | Chromium: CVE-2026-7965 Insufficient validation of untrusted input in DevTools | n/a | No | |
| CVE-2026-7966 | Chromium: CVE-2026-7966 Insufficient validation of untrusted input in SiteIsolation | n/a | No | |
| CVE-2026-7967 | Chromium: CVE-2026-7967 Insufficient validation of untrusted input in Navigation | n/a | No | |
| CVE-2026-7968 | Chromium: CVE-2026-7968 Insufficient validation of untrusted input in CORS | n/a | No | |
| CVE-2026-7969 | Chromium: CVE-2026-7969 Integer overflow in Network | n/a | No | |
| CVE-2026-7970 | Chromium: CVE-2026-7970 Use after free in TopChrome | n/a | No | |
| CVE-2026-7971 | Chromium: CVE-2026-7971 Inappropriate implementation in ORB | n/a | No | |
| CVE-2026-7972 | Chromium: CVE-2026-7972 Uninitialized Use in GPU | n/a | No | |
| CVE-2026-7973 | Chromium: CVE-2026-7973 Integer overflow in Dawn | n/a | No | |
| CVE-2026-7974 | Chromium: CVE-2026-7974 Use after free in Blink | n/a | No | |
| CVE-2026-7975 | Chromium: CVE-2026-7975 Use after free in DevTools | n/a | No | |
| CVE-2026-7976 | Chromium: CVE-2026-7976 Use after free in Views | n/a | No | |
| CVE-2026-7977 | Chromium: CVE-2026-7977 Inappropriate implementation in Canvas | n/a | No | |
| CVE-2026-7978 | Chromium: CVE-2026-7978 Inappropriate implementation in Companion | n/a | No | |
| CVE-2026-7979 | Chromium: CVE-2026-7979 Inappropriate implementation in Media | n/a | No | |
| CVE-2026-7980 | Chromium: CVE-2026-7980 Use after free in WebAudio | n/a | No | |
| CVE-2026-7981 | Chromium: CVE-2026-7981 Out of bounds read in Codecs | n/a | No | |
| CVE-2026-7982 | Chromium: CVE-2026-7982 Uninitialized Use in WebCodecs | n/a | No | |
| CVE-2026-7983 | Chromium: CVE-2026-7983 Out of bounds read in Dawn | n/a | No | |
| CVE-2026-7984 | Chromium: CVE-2026-7984 Use after free in ReadingMode | n/a | No | |
| CVE-2026-7985 | Chromium: CVE-2026-7985 Use after free in GPU | n/a | No | |
| CVE-2026-7986 | Chromium: CVE-2026-7986 Insufficient policy enforcement in Autofill | n/a | No | |
| CVE-2026-7987 | Chromium: CVE-2026-7987 Use after free in WebRTC | n/a | No | |
| CVE-2026-7988 | Chromium: CVE-2026-7988 Type Confusion in WebRTC | n/a | No | |
| CVE-2026-7989 | Chromium: CVE-2026-7989 Insufficient data validation in DataTransfer | n/a | No | |
| CVE-2026-7990 | Chromium: CVE-2026-7990 Insufficient validation of untrusted input in Updater | n/a | No | |
| CVE-2026-7991 | Chromium: CVE-2026-7991 Use after free in UI | n/a | No | |
| CVE-2026-7992 | Chromium: CVE-2026-7992 Insufficient validation of untrusted input in UI | n/a | No | |
| CVE-2026-7994 | Chromium: CVE-2026-7994 Inappropriate implementation in Chromoting | n/a | No | |
| CVE-2026-7995 | Chromium: CVE-2026-7995 Out of bounds read in AdFilter | n/a | No | |
| CVE-2026-7996 | Chromium: CVE-2026-7996 Insufficient validation of untrusted input in SSL | n/a | No | |
| CVE-2026-7997 | Chromium: CVE-2026-7997 Insufficient validation of untrusted input in Updater | n/a | No | |
| CVE-2026-7998 | Chromium: CVE-2026-7998 Insufficient validation of untrusted input in Dialog | n/a | No | |
| CVE-2026-7999 | Chromium: CVE-2026-7999 Inappropriate implementation in V8 | n/a | No | |
| CVE-2026-8000 | Chromium: CVE-2026-8000 Insufficient validation of untrusted input in ChromeDriver | n/a | No | |
| CVE-2026-8001 | Chromium: CVE-2026-8001 Use after free in Printing | n/a | No | |
| CVE-2026-8002 | Chromium: CVE-2026-8002 Use after free in Audio | n/a | No | |
| CVE-2026-8003 | Chromium: CVE-2026-8003 Insufficient validation of untrusted input in TabGroups | n/a | No | |
| CVE-2026-8004 | Chromium: CVE-2026-8004 Insufficient policy enforcement in DevTools | n/a | No | |
| CVE-2026-8005 | Chromium: CVE-2026-8005 Insufficient validation of untrusted input in Cast | n/a | No | |
| CVE-2026-8006 | Chromium: CVE-2026-8006 Insufficient policy enforcement in DevTools | n/a | No | |
| CVE-2026-8007 | Chromium: CVE-2026-8007 Insufficient validation of untrusted input in Cast | n/a | No | |
| CVE-2026-8008 | Chromium: CVE-2026-8008 Inappropriate implementation in DevTools | n/a | No | |
| CVE-2026-8009 | Chromium: CVE-2026-8009 Inappropriate implementation in Cast | n/a | No | |
| CVE-2026-8010 | Chromium: CVE-2026-8010 Insufficient validation of untrusted input in SiteIsolation | n/a | No | |
| CVE-2026-8011 | Chromium: CVE-2026-8011 Insufficient policy enforcement in Search | n/a | No | |
| CVE-2026-8012 | Chromium: CVE-2026-8012 Inappropriate implementation in MHTML | n/a | No | |
| CVE-2026-8013 | Chromium: CVE-2026-8013 Insufficient validation of untrusted input in FedCM | n/a | No | |
| CVE-2026-8014 | Chromium: CVE-2026-8014 Inappropriate implementation in Preload | n/a | No | |
| CVE-2026-8015 | Chromium: CVE-2026-8015 Inappropriate implementation in Media | n/a | No | |
| CVE-2026-8016 | Chromium: CVE-2026-8016 Use after free in WebRTC | n/a | No | |
| CVE-2026-8017 | Chromium: CVE-2026-8017 Side-channel information leakage in Media | n/a | No | |
| CVE-2026-8018 | Chromium: CVE-2026-8018 Insufficient policy enforcement in DevTools | n/a | No | |
| CVE-2026-8019 | Chromium: CVE-2026-8019 Insufficient policy enforcement in WebApp | n/a | No | |
| CVE-2026-8021 | Chromium: CVE-2026-8021 Script injection in UI | n/a | No | |
| CVE-2026-8022 | Chromium: CVE-2026-8022 Inappropriate implementation in MHTML | n/a | No | |
| CVE-2026-33111 | Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-7896 | Chromium: CVE-2026-7896 Integer overflow in Blink | n/a | No | |
| CVE-2026-7897 | Chromium: CVE-2026-7897 Use after free in Mobile | n/a | No | |
| CVE-2026-7905 | Chromium: CVE-2026-7905 Insufficient validation of untrusted input in Media | n/a | No | |
| CVE-2026-7912 | Chromium: CVE-2026-7912 Integer overflow in GPU | n/a | No | |
| CVE-2026-7913 | Chromium: CVE-2026-7913 Insufficient policy enforcement in DevTools | n/a | No | |
| CVE-2026-7915 | Chromium: CVE-2026-7915 Insufficient data validation in DevTools | n/a | No | |
| CVE-2026-7931 | Chromium: CVE-2026-7931 Insufficient validation of untrusted input in iOS | n/a | No | |
| CVE-2026-7941 | Chromium: CVE-2026-7941 Insufficient validation of untrusted input in Mobile | n/a | No | |
| CVE-2026-7993 | Chromium: CVE-2026-7993 Insufficient validation of untrusted input in Payments | n/a | No | |
| CVE-2026-8020 | Chromium: CVE-2026-8020 Uninitialized Use in GPU | n/a | No | |
| CVE-2026-42838 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 5.4 |
| CVE-2026-42891 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Exploitation Unlikely | No | 6.5 |
| CVE-2026-35429 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Exploitation Unlikely | No | 4.3 |
| CVE-2026-40416 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Exploitation Unlikely | No | 4.3 |
| CVE-2026-41107 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | Exploitation Less Likely | No | 7.4 |

Developer Tools vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2026-42826 | Azure DevOps Information Disclosure Vulnerability | N/A | No | 10.0 |
| CVE-2026-32175 | .NET Core Tampering Vulnerability | Exploitation Less Likely | No | 4.3 |
| CVE-2026-32177 | .NET Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.3 |
| CVE-2026-35433 | .NET Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.3 |
| CVE-2026-42899 | ASP.NET Core Denial of Service Vulnerability | Exploitation Unlikely | No | 7.5 |
| CVE-2026-41109 | GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 8.8 |
| CVE-2026-41094 | Microsoft Data Formulator Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.8 |
| CVE-2026-41613 | Visual Studio Code Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.8 |
| CVE-2026-41612 | Visual Studio Code Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-41611 | Visual Studio Code Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-41610 | Visual Studio Code Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 6.3 |

ESU vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2025-54518 | AMD: CVE-2025-54518 CPU OP Cache Corruption | Exploitation Unlikely | No | |
| CVE-2026-41095 | Data Deduplication Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-35424 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | Exploitation Unlikely | No | 7.5 |
| CVE-2026-40377 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-34329 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.8 |
| CVE-2026-41097 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 6.7 |
| CVE-2026-33839 | Win32k Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.0 |
| CVE-2026-34330 | Win32k Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-34331 | Win32k Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.0 |
| CVE-2026-35423 | Windows 11 Telnet Client Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.4 |
| CVE-2026-34344 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-34345 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-35416 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.0 |
| CVE-2026-41088 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-34343 | Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-35418 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-33835 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-34337 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-40407 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-40397 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-34336 | Windows DWM Core Library Information Disclosure Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-33834 | Windows Event Logging Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32209 | Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability | Exploitation Unlikely | No | 4.4 |
| CVE-2026-35421 | Windows GDI Remote Code Execution Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-40403 | Windows Graphics Component Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.8 |
| CVE-2026-33841 | Windows Kernel Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-35420 | Windows Kernel Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-34339 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-34341 | Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-33838 | Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-32161 | Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-41089 | Windows Netlogon Remote Code Execution Vulnerability | Exploitation Less Likely | No | 9.8 |
| CVE-2026-34342 | Windows Print Spooler Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-34340 | Windows Projected File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-40398 | Windows Remote Desktop Services Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-21530 | Windows Rich Text Edit Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 6.7 |
| CVE-2026-32170 | Windows Rich Text Edit Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 6.7 |
| CVE-2026-40410 | Windows SMB Client Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-35415 | Windows Storage Spaces Controller Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-40414 | Windows TCP/IP Denial of Service Vulnerability | Exploitation Unlikely | No | 7.4 |
| CVE-2026-40401 | Windows TCP/IP Denial of Service Vulnerability | Exploitation Unlikely | No | 7.1 |
| CVE-2026-40413 | Windows TCP/IP Denial of Service Vulnerability | Exploitation Less Likely | No | 7.4 |
| CVE-2026-35422 | Windows TCP/IP Driver Security Feature Bypass Vulnerability | Exploitation Unlikely | No | 6.5 |
| CVE-2026-34351 | Windows TCP/IP Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-40399 | Windows TCP/IP Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-34334 | Windows TCP/IP Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-40406 | Windows TCP/IP Information Disclosure Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-33837 | Windows TCP/IP Local Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-40415 | Windows TCP/IP Remote Code Execution Vulnerability | Exploitation Unlikely | No | 8.1 |
| CVE-2026-42825 | Windows Telephony Service Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.0 |
| CVE-2026-34338 | Windows Telephony Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-40382 | Windows Telephony Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-40380 | Windows Volume Manager Extension Driver Remote Code Execution Vulnerability | Exploitation Less Likely | No | 6.2 |
| CVE-2026-40408 | Windows WAN ARP Driver Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-34333 | Windows Win32k Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-34347 | Windows Win32k Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-35417 | Windows Win32k Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8 |

Mariner vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2026-7598 | libssh2 userauth.c userauth_password integer overflow | n/a | No | 7.3 |
| CVE-2026-43870 | Apache Thrift: Node.js web_server.js multi-vulnerability | n/a | No | 7.3 |
| CVE-2026-43868 | Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern | n/a | No | 5.3 |
| CVE-2026-43869 | Apache Thrift: TSSLTransportFactory.java hostname verification | n/a | No | 7.3 |

Microsoft Dynamics vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2026-33821 | Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability | N/A | No | 7.7 |
| CVE-2026-40417 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-42898 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | Exploitation Unlikely | No | 9.9 |
| CVE-2026-42833 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | Exploitation Less Likely | No | 9.1 |
| CVE-2026-40374 | Microsoft Power Automate Desktop Information Disclosure Vulnerability | Exploitation Less Likely | No | 6.5 |

Open Source Software vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2026-31706 | ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl() | n/a | No | 8.8 |
| CVE-2026-31723 | usb: gadget: f_subset: Fix net_device lifecycle with device_move | n/a | No | 7.8 |
| CVE-2026-31724 | usb: gadget: f_eem: Fix net_device lifecycle with device_move | n/a | No | 7.8 |
| CVE-2026-43053 | xfs: close crash window in attr dabtree inactivation | n/a | No | 5.5 |
| CVE-2026-43048 | HID: core: Mitigate potential OOB by removing bogus memset() | n/a | No | 8.8 |
| CVE-2026-31777 | ALSA: ctxfi: Check the error for index mapping | n/a | No | 7.0 |
| CVE-2026-31722 | usb: gadget: f_rndis: Fix net_device lifecycle with device_move | n/a | No | 7.8 |
| CVE-2026-43036 | net: use skb_header_pointer() for TCPv4 GSO frag_off check | n/a | No | 5.5 |
| CVE-2026-31769 | gpib: fix use-after-free in IO ioctl handlers | n/a | No | |
| CVE-2026-31707 | ksmbd: validate response sizes in ipc_validate_msg() | n/a | No | 7.1 |
| CVE-2026-31725 | usb: gadget: f_ecm: Fix net_device lifecycle with device_move | n/a | No | 7.8 |
| CVE-2026-43049 | HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure | n/a | No | 7.0 |
| CVE-2026-43022 | Bluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists | n/a | No | |
| CVE-2026-43042 | mpls: add seqcount to protect the platform_label{,s} pair | n/a | No | 7.1 |
| CVE-2026-31771 | Bluetooth: hci_event: move wake reason storage into validated event handlers | n/a | No | 8.1 |
| CVE-2026-43052 | wifi: mac80211: check tdls flag in ieee80211_tdls_oper | n/a | No | 7.0 |
| CVE-2026-31709 | smb: client: validate the whole DACL before rewriting it in cifsacl | n/a | No | 8.8 |
| CVE-2026-43021 | Bluetooth: hci_sync: fix leaks when hci_cmd_sync_queue_once fails | n/a | No | |
| CVE-2026-31712 | ksmbd: require minimum ACE size in smb_check_perm_dacl() | n/a | No | 8.3 |
| CVE-2026-43010 | bpf: Reject sleepable kprobe_multi programs at attach time | n/a | No | 5.5 |
| CVE-2026-43019 | Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync | n/a | No | 7.8 |
| CVE-2026-31729 | usb: typec: ucsi: validate connector number in ucsi_notify_common() | n/a | No | 7.0 |
| CVE-2026-43045 | mshv: Fix error handling in mshv_region_pin | n/a | No | |
| CVE-2026-43009 | bpf: Fix incorrect pruning due to atomic fetch precision tracking | n/a | No | 7.8 |
| CVE-2026-31715 | f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io() | n/a | No | 5.5 |
| CVE-2026-31697 | crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed | n/a | No | 7.1 |
| CVE-2026-31721 | usb: gadget: f_hid: move list and spinlock inits from bind to alloc | n/a | No | 7.8 |
| CVE-2026-31711 | smb: server: fix active_num_conn leak on transport allocation failure | n/a | No | 7.5 |
| CVE-2026-31699 | crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed | n/a | No | 7.1 |
| CVE-2026-31694 | fuse: reject oversized dirents in page cache | n/a | No | 7.8 |
| CVE-2026-31705 | ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment | n/a | No | 9.8 |
| CVE-2026-43033 | crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption | n/a | No | 7.8 |
| CVE-2026-31696 | rxrpc: Fix missing validation of ticket length in non-XDR key preparsing | n/a | No | 5.5 |
| CVE-2026-31698 | crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed | n/a | No | 7.1 |
| CVE-2026-31704 | ksmbd: use check_add_overflow() to prevent u16 DACL size overflow | n/a | No | 7.5 |
| CVE-2026-31702 | f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io() | n/a | No | 7.8 |
| CVE-2026-31708 | smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path | n/a | No | 8.1 |
| CVE-2026-31700 | net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() | n/a | No | 7.8 |
| CVE-2026-7598 | libssh2 userauth.c userauth_password integer overflow | n/a | No | 7.3 |
| CVE-2026-43058 | media: vidtv: fix pass-by-value structs causing MSAN warnings | n/a | No | 7.1 |
| CVE-2026-37457 | | n/a | No | 7.5 |
| CVE-2026-43964 | | n/a | No | 3.7 |
| CVE-2026-43037 | ip6_tunnel: clear skb2->cb[] in ip4ip6_err() | n/a | No | 7.0 |
| CVE-2026-33190 | CoreDNS TSIG authentication bypass on encrypted DNS transports | n/a | No | |
| CVE-2026-33489 | CoreDNS transfer plugin subzone ACL bypass via lexicographic zone comparison | n/a | No | |
| CVE-2026-32936 | CoreDNS DoH GET path missing size validation causes CPU and memory amplification | n/a | No | |
| CVE-2026-32934 | CoreDNS DNS-over-QUIC unbounded goroutine growth leads to denial of service | n/a | No | |
| CVE-2026-35579 | CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports | n/a | No | |
| CVE-2026-43073 | x86-64: rename misleadingly named '__copy_user_nocache()' function | n/a | No | 2.5 |
| CVE-2026-42151 | Prometheus Azure AD remote write OAuth client secret exposed via config API | n/a | No | 7.5 |
| CVE-2026-42154 | Prometheus: remote read endpoint allows denial of service via crafted snappy payload | n/a | No | 7.5 |
| CVE-2026-43125 | dlm: validate length in dlm_search_rsb_tree | n/a | No | 7.8 |
| CVE-2026-43248 | vhost: move vdpa group bound check to vhost_vdpa | n/a | No | 7.1 |
| CVE-2026-43176 | wifi: rtw89: pci: validate release report content before using for RTL8922DE | n/a | No | 7.0 |
| CVE-2026-43204 | ASoC: qcom: q6asm: drop DSP responses for closed data streams | n/a | No | 5.5 |
| CVE-2026-43131 | drm/amd/pm: Fix null pointer dereference issue | n/a | No | 5.5 |
| CVE-2026-43126 | ALSA: mixer: oss: Add card disconnect checkpoints | n/a | No | 5.5 |
| CVE-2026-43127 | ntfs3: fix circular locking dependency in run_unpack_ex | n/a | No | 5.5 |
| CVE-2026-43161 | iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode | n/a | No | 5.5 |
| CVE-2026-43198 | tcp: fix potential race in tcp_v6_syn_recv_sock() | n/a | No | 4.8 |
| CVE-2026-43245 | ntfs: ->d_compare() must not block | n/a | No | 7.1 |
| CVE-2025-71290 | misc: ti_fpc202: fix a potential memory leak in probe function | n/a | No | 5.5 |
| CVE-2026-43137 | ASoC: SOF: Intel: hda: Fix NULL pointer dereference | n/a | No | 5.5 |
| CVE-2026-43115 | srcu: Use irq_work to start GP in tiny SRCU | n/a | No | 5.5 |
| CVE-2026-43234 | team: avoid NETDEV_CHANGEMTU event when unregistering slave | n/a | No | 5.5 |
| CVE-2025-71293 | drm/amdgpu/ras: Move ras data alloc before bad page check | n/a | No | 5.5 |
| CVE-2026-43172 | wifi: iwlwifi: fix 22000 series SMEM parsing | n/a | No | 5.3 |
| CVE-2025-71285 | net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels | n/a | No | 4.7 |
| CVE-2026-43197 | netconsole: avoid OOB reads, msg is not nul-terminated | n/a | No | 5.5 |
| CVE-2026-43185 | ksmbd: fix signededness bug in smb_direct_prepare_negotiation() | n/a | No | 5.5 |
| CVE-2025-71273 | wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band() | n/a | No | 5.3 |
| CVE-2026-43118 | btrfs: fix zero size inode with non-zero size after log replay | n/a | No | 3.3 |
| CVE-2026-43109 | x86: shadow stacks: proper error handling for mmap lock | n/a | No | 7.1 |
| CVE-2026-43153 | xfs: remove xfs_attr_leaf_hasname | n/a | No | 7.1 |
| CVE-2026-43129 | ima: verify the previous kernel's IMA buffer lies in addressable RAM | n/a | No | 5.5 |
| CVE-2026-43116 | netfilter: ctnetlink: ensure safe access to master conntrack | n/a | No | 7.1 |
| CVE-2026-43274 | mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq() | n/a | No | 7.1 |
| CVE-2026-43244 | kcm: fix zero-frag skb in frag_list on partial sendmsg error | n/a | No | 5.5 |
| CVE-2026-43191 | drm/amd/display: Adjust PHY FSM transition to TX_EN-to-PLL_ON for TMDS on DCN35 | n/a | No | 5.5 |
| CVE-2026-43258 | alpha: fix user-space corruption during memory compaction | n/a | No | 5.5 |
| CVE-2025-71289 | fs/ntfs3: handle attr_set_size() errors when truncating files | n/a | No | 7.1 |
| CVE-2026-43107 | xfrm: account XFRMA_IF_ID in aevent size calculation | n/a | No | 5.5 |
| CVE-2026-43243 | drm/amd/display: Add signal type check for dcn401 get_phyd32clk_src | n/a | No | 5.5 |
| CVE-2025-71294 | drm/amdgpu: fix NULL pointer issue buffer funcs | n/a | No | 5.5 |
| CVE-2026-43250 | usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke() | n/a | No | 7.1 |
| CVE-2026-43237 | drm/amdgpu: Refactor amdgpu_gem_va_ioctl for Handling Last Fence Update and Timeline Management v4 | n/a | No | 5.5 |
| CVE-2026-43201 | APEI/GHES: ARM processor Error: don't go past allocated memory | n/a | No | 5.5 |
| CVE-2026-43219 | net: cpsw_new: Fix potential unregister of netdev that has not been registered yet | n/a | No | 7.1 |
| CVE-2026-43165 | hwmon: (nct7363) Fix a resource leak in nct7363_present_pwm_fanin | n/a | No | 5.5 |
| CVE-2026-43088 | net: af_key: zero aligned sockaddr tail in PF_KEY exports | n/a | No | 7.1 |
| CVE-2026-43195 | drm/amdgpu: validate user queue size constraints | n/a | No | 7.1 |
| CVE-2025-71272 | most: core: fix resource leak in most_register_interface error paths | n/a | No | 5.5 |
| CVE-2026-43213 | wifi: rtw89: pci: validate sequence number of TX release report | n/a | No | 7.0 |
| CVE-2026-43228 | hfs: Replace BUG_ON with error handling for CNID count checks | n/a | No | 7.1 |
| CVE-2026-43216 | net: Drop the lock in skb_may_tx_timestamp() | n/a | No | 5.5 |
| CVE-2026-43119 | Bluetooth: hci_sync: annotate data-races around hdev->req_status | n/a | No | 5.3 |
| CVE-2026-43267 | wifi: rtw89: fix potential zero beacon interval in beacon tracking | n/a | No | 7.0 |
| CVE-2026-43101 | ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data() | n/a | No | 7.0 |
| CVE-2026-43199 | net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query | n/a | No | 7.0 |
| CVE-2026-43083 | net: ioam6: fix OOB and missing lock | n/a | No | 7.0 |
| CVE-2026-43870 | Apache Thrift: Node.js web_server.js multi-vulnerability | n/a | No | 7.3 |
| CVE-2026-43868 | Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern | n/a | No | 5.3 |
| CVE-2026-33523 | Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line | n/a | No | 6.5 |
| CVE-2026-23918 | Apache HTTP Server: http2: double free and possible RCE on early reset | n/a | No | 8.8 |
| CVE-2026-34059 | Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data() | n/a | No | 7.5 |
| CVE-2026-34032 | Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string) | n/a | No | 5.3 |
| CVE-2026-24072 | Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr | n/a | No | 8.8 |
| CVE-2026-33006 | Apache HTTP Server: mod_auth_digest timing attack | n/a | No | 4.8 |
| CVE-2026-33007 | Apache HTTP Server: mod_authn_socache crash | n/a | No | 5.3 |
| CVE-2026-29169 | Apache HTTP Server: mod_dav_lock indirect lock crash | n/a | No | 7.5 |
| CVE-2026-29168 | Apache HTTP Server: mod_md unrestricted OCSP response | n/a | No | 7.3 |
| CVE-2026-33857 | Apache HTTP Server: Off-by-one OOB reads in AJP getter functions | n/a | No | 5.3 |
| CVE-2026-41672 | xmldom: XML node injection through unvalidated comment serialization | n/a | No | |
| CVE-2026-41674 | xmldom: XML injection through unvalidated DocumentType serialization | n/a | No | |
| CVE-2026-41675 | xmldom: XML node injection through unvalidated processing instruction serialization | n/a | No | |
| CVE-2026-41673 | xmldom: Denial of service via uncontrolled recursion in XML serialization | n/a | No | |
| CVE-2026-25243 | redis-server RESTORE invalid memory access may allow remote code execution | n/a | No | |
| CVE-2026-23631 | redis-server Lua use-after-free may allow remote code execution | n/a | No | |
| CVE-2026-31717 | ksmbd: validate owner of durable handle on reconnect | n/a | No | 8.8 |
| CVE-2026-31718 | ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger | n/a | No | 9.8 |
| CVE-2026-23479 | redis-server use-after-free in unblock client flow may allow remote code execution | n/a | No | |
| CVE-2026-25588 | RedisTimeSeries RESTORE invalid memory access may allow remote code execution | n/a | No | |
| CVE-2026-25589 | RedisBloom RESTORE invalid memory access may allow remote code execution | n/a | No | |
| CVE-2026-43474 | fs: init flags_valid before calling vfs_fileattr_get | n/a | No | |
| CVE-2026-43338 | btrfs: reserve enough transaction items for qgroup ioctls | n/a | No | |
| CVE-2025-71302 | drm/panthor: fix for dma-fence safe access rules | n/a | No | |
| CVE-2026-43318 | drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify | n/a | No | 7.1 |
| CVE-2026-43309 | md raid: fix hang when stopping arrays with metadata through dm-raid | n/a | No | 5.5 |
| CVE-2026-43416 | powerpc, perf: Check that current->mm is
alive before getting user callchainn/aNoCVE-2025-71299spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsingn/aNo5.5CVE-2026-43284xfrm: esp: avoid in-place decrypt on shared skb fragsn/aNo7.8CVE-2026-43352i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeuen/aNo5.5CVE-2026-43300drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove()n/aNo5.5CVE-2026-43331x86/kexec: Disable KCOV instrumentation after load_segments()n/aNoCVE-2026-43320drm/amd/display: Fix dsc eDP issuen/aNoCVE-2026-43306bpf: crypto: Use the correct destructor kfunc typen/aNo7.0CVE-2026-43443ASoC: amd: acp-mach-common: Add missing error check for clock acquisitionn/aNoCVE-2026-43317most: core: fix leak on early registration failuren/aNoCVE-2026-43319spi: spidev: fix lock inversion between spi_lock and buf_lockn/aNoCVE-2026-43303mm/page_alloc: clear page->private in free_pages_prepare()n/aNo7.0CVE-2026-43344perf/x86/intel/uncore: Fix die ID init and look up bugsn/aNoCVE-2026-43321bpf: Properly mark live registers for indirect jumpsn/aNo7.8CVE-2026-43456bonding: fix type confusion in bond_setup_by_slave()n/aNo5.5CVE-2026-43305drm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast pathn/aNo5.5CVE-2026-43298drm/amdgpu: Skip vcn poison irq release on VFn/aNo7.8CVE-2026-43299btrfs: do not ASSERT() when the fs flips RO inside btrfs_repair_io_failure()n/aNo5.5CVE-2026-43400drm/amdgpu: add upper bound check on user inputs in signal ioctln/aNoCVE-2026-43310media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVCn/aNo5.5CVE-2026-43294drm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some panelsn/aNo5.5CVE-2026-43353i3c: mipi-i3c-hci: Fix race in DMA ring dequeuen/aNo7.8CVE-2026-43292mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_noden/aNo5.5CVE-2026-43398drm/amdgpu: add upper bound check on user inputs in wait ioctln/aNoCVE-2026-43311soc/tegra: pmc: Fix unsafe generic_handle_irq() 
calln/aNo5.5CVE-2026-43421usb: gadget: f_ncm: Fix net_device lifecycle with device_moven/aNoCVE-2026-43308btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref()n/aNo5.5CVE-2026-37458n/aNo6.5CVE-2026-37459n/aNo7.5CVE-2026-33846Gnutls: gnutls: denial of service via heap buffer overflow in dtls handshake fragment reassemblyn/aNo7.5CVE-2026-6664PgBouncer integer overflow in PgBouncer network packet parsingn/aNo7.5CVE-2026-6665PgBouncer buffer overflow in SCRAMn/aNo8.1CVE-2026-6667PgBouncer missing authorization check in KILL_CLIENT admin commandn/aNo4.3CVE-2026-6666PgBouncer crash in kill_pool_logins_server_errorn/aNo5.9CVE-2026-45130Vim: Heap Buffer Overflow in spell file loadingn/aNo6.6CVE-2026-44656Vim: OS Command Injection via 'path' completionn/aNoCVE-2026-33811Crash when handling long CNAME response in netn/aNo7.5CVE-2026-33814Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/netn/aNo7.5CVE-2026-39817Invoking "go tool pack" does not sanitize output paths in cmd/gon/aNo5.9CVE-2026-39819Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/gon/aNo5.3CVE-2026-39820Quadratic string concatentation in consumeComment in net/mailn/aNo7.5CVE-2026-39823Bypass of meta content URL escaping causes XSS in html/templaten/aNo6.1CVE-2026-39825ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputiln/aNo5.3CVE-2026-39826Escaper bypass leads to XSS in html/templaten/aNo6.1CVE-2026-39836Panic in Dial and LookupPort when handling NUL byte on Windows in netn/aNo7.5CVE-2026-42499Quadratic string concatenation in consumePhrase in net/mailn/aNo7.5CVE-2026-42501Malicious module proxy can bypass checksum database in cmd/gon/aNo7.5CVE-2026-33079Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titlesn/aNoCVE-2026-41889pgx: SQL Injection via placeholder confusion with dollar quoted string 
literalsn/aNoCVE-2026-42257net-imap: Command Injection via "raw" arguments to multiple commandsn/aNoCVE-2026-42258net-imap: Command Injection via unvalidated Symbol inputsn/aNoCVE-2026-42256net-imap: Denial of service via high iteration count for `SCRAM-*` authenticationn/aNoCVE-2026-42246net-imap vulnerable to STARTTLS stripping via invalid response timingn/aNoCVE-2026-45186n/aNo2.9CVE-2026-7261SoapServer session-persisted object use-after-free via SOAP header faultn/aNoCVE-2026-7258Out-of-bounds read in urldecode() on NetBSDn/aNoCVE-2026-6722Use-After-Free in SOAP using Apache mapn/aNoCVE-2026-6735XSS within PHP-FPM status endpointn/aNoCVE-2026-7262NULL pointer dereference in SOAP apache:Map decoder with missing <value>n/aNoCVE-2025-14179SQL injection in pdo_firebird via NUL bytes in quoted stringsn/aNoCVE-2026-7568Signed integer overflow in metaphone()n/aNoCVE-2026-7259Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()n/aNoCVE-2026-43500rxrpc: Also unshare DATA/RESPONSE packets when paged frags are presentn/aNo7.8SQL Server vulnerabilitiesCVETitleExploitation statusPublicly disclosed?CVSS v3 base scoreCVE-2026-40370SQL Server Remote Code Execution VulnerabilityExploitation Less LikelyNo8.8Windows vulnerabilitiesCVETitleExploitation statusPublicly disclosed?CVSS v3 base scoreCVE-2025-54518AMD: CVE-2025-54518 CPU OP Cache CorruptionExploitation UnlikelyNoCVE-2026-41095Data Deduplication Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-35424Internet Key Exchange (IKE) Protocol Denial of Service VulnerabilityExploitation UnlikelyNo7.5CVE-2026-40377Microsoft Cryptographic Services Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-34329Microsoft Message Queuing (MSMQ) Remote Code Execution VulnerabilityExploitation Less LikelyNo8.8CVE-2026-41097Secure Boot Security Feature Bypass VulnerabilityExploitation Less LikelyNo6.7CVE-2026-33839Win32k Elevation of Privilege VulnerabilityExploitation 
UnlikelyNo7.0CVE-2026-33840Win32k Elevation of Privilege VulnerabilityExploitation More LikelyNo7.8CVE-2026-34330Win32k Elevation of Privilege VulnerabilityExploitation UnlikelyNo7.8CVE-2026-34331Win32k Elevation of Privilege VulnerabilityExploitation UnlikelyNo7.0CVE-2026-35423Windows 11 Telnet Client Information Disclosure VulnerabilityExploitation UnlikelyNo5.4CVE-2026-35438Windows Admin Center Elevation of Privilege VulnerabilityExploitation Less LikelyNo8.3CVE-2026-34344Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-34345Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.0CVE-2026-35416Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityExploitation More LikelyNo7.0CVE-2026-41088Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityExploitation UnlikelyNo7.8CVE-2026-34343Windows Application Identity (AppID) Subsystem Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-35418Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityExploitation UnlikelyNo7.8CVE-2026-33835Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityExploitation More LikelyNo7.8CVE-2026-34337Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-40407Windows Common Log File System Driver Elevation of Privilege VulnerabilityExploitation UnlikelyNo7.8CVE-2026-40397Windows Common Log File System Driver Elevation of Privilege VulnerabilityExploitation More LikelyNo7.8CVE-2026-41096Windows DNS Client Remote Code Execution VulnerabilityExploitation UnlikelyNo9.8CVE-2026-42896Windows DWM Core Library Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-35419Windows DWM Core Library Information Disclosure VulnerabilityExploitation Less LikelyNo5.5CVE-2026-34336Windows DWM 
Core Library Information Disclosure VulnerabilityExploitation UnlikelyNo7.8CVE-2026-33834Windows Event Logging Service Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-32209Windows Filtering Platform (WFP) Security Feature Bypass VulnerabilityExploitation UnlikelyNo4.4CVE-2026-35421Windows GDI Remote Code Execution VulnerabilityExploitation UnlikelyNo7.8CVE-2026-40403Windows Graphics Component Remote Code Execution VulnerabilityExploitation Less LikelyNo8.8CVE-2026-40402Windows Hyper-V Elevation of Privilege VulnerabilityExploitation Less LikelyNo9.3CVE-2026-33841Windows Kernel Elevation of Privilege VulnerabilityExploitation More LikelyNo7.8CVE-2026-35420Windows Kernel Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-40369Windows Kernel Elevation of Privilege VulnerabilityExploitation More LikelyNo7.8CVE-2026-34332Windows Kernel-Mode Driver Remote Code Execution VulnerabilityExploitation UnlikelyNo8.0CVE-2026-34339Windows Lightweight Directory Access Protocol (LDAP) Denial of Service VulnerabilityExploitation Less LikelyNo5.5CVE-2026-34341Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.0CVE-2026-33838Windows Message Queuing (MSMQ) Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-32161Windows Native WiFi Miniport Driver Remote Code Execution VulnerabilityExploitation Less LikelyNo7.5CVE-2026-41089Windows Netlogon Remote Code Execution VulnerabilityExploitation Less LikelyNo9.8CVE-2026-34342Windows Print Spooler Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.0CVE-2026-34340Windows Projected File System Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.0CVE-2026-40398Windows Remote Desktop Services Elevation of Privilege VulnerabilityExploitation More LikelyNo7.8CVE-2026-21530Windows Rich Text Edit Elevation of Privilege VulnerabilityExploitation Less LikelyNo6.7CVE-2026-32170Windows Rich Text Edit 
Elevation of Privilege VulnerabilityExploitation Less LikelyNo6.7CVE-2026-40410Windows SMB Client Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.0CVE-2026-35415Windows Storage Spaces Controller Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-34350Windows Storport Miniport Driver Denial of Service VulnerabilityExploitation UnlikelyNo6.5CVE-2026-40405Windows TCP/IP Denial of Service VulnerabilityExploitation Less LikelyNo7.5CVE-2026-40414Windows TCP/IP Denial of Service VulnerabilityExploitation UnlikelyNo7.4CVE-2026-40401Windows TCP/IP Denial of Service VulnerabilityExploitation UnlikelyNo7.1CVE-2026-40413Windows TCP/IP Denial of Service VulnerabilityExploitation Less LikelyNo7.4CVE-2026-35422Windows TCP/IP Driver Security Feature Bypass VulnerabilityExploitation UnlikelyNo6.5CVE-2026-34351Windows TCP/IP Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-40399Windows TCP/IP Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-34334Windows TCP/IP Elevation of Privilege VulnerabilityExploitation UnlikelyNo7.8CVE-2026-40406Windows TCP/IP Information Disclosure VulnerabilityExploitation Less LikelyNo7.5CVE-2026-33837Windows TCP/IP Local Elevation of Privilege VulnerabilityExploitation More LikelyNo7.8CVE-2026-40415Windows TCP/IP Remote Code Execution VulnerabilityExploitation UnlikelyNo8.1CVE-2026-42825Windows Telephony Service Elevation of Privilege VulnerabilityExploitation UnlikelyNo7.0CVE-2026-34338Windows Telephony Service Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-40382Windows Telephony Service Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-40380Windows Volume Manager Extension Driver Remote Code Execution VulnerabilityExploitation Less LikelyNo6.2CVE-2026-40408Windows WAN ARP Driver Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-34333Windows Win32k Elevation of Privilege 
VulnerabilityExploitation Less LikelyNo7.8CVE-2026-34347Windows Win32k Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.0CVE-2026-35417Windows Win32k Elevation of Privilege VulnerabilityExploitation More LikelyNo7.8Critical RCEs and EoPsCVETitleExploitation statusPublicly disclosed?CVSS v3 base scoreCVE-2026-33109Azure Managed Instance for Apache Cassandra Remote Code Execution VulnerabilityN/ANo9.9CVE-2026-33844Azure Managed Instance for Apache Cassandra Remote Code Execution VulnerabilityN/ANo9.0CVE-2026-42823Azure Logic Apps Elevation of Privilege VulnerabilityExploitation Less LikelyNo9.9CVE-2026-42898Microsoft Dynamics 365 On-Premises Remote Code Execution VulnerabilityExploitation UnlikelyNo9.9CVE-2026-42833Microsoft Dynamics 365 On-Premises Remote Code Execution VulnerabilityExploitation Less LikelyNo9.1CVE-2026-41103Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege VulnerabilityExploitation More LikelyNo9.1CVE-2026-41096Windows DNS Client Remote Code Execution VulnerabilityExploitation UnlikelyNo9.8CVE-2026-40402Windows Hyper-V Elevation of Privilege VulnerabilityExploitation Less LikelyNo9.3CVE-2026-41089Windows Netlogon Remote Code Execution VulnerabilityExploitation Less LikelyNo9.8Article TagsPatch TuesdayVulnerability ManagementAdam BarnettAuthor PostsRelated blog postsExposure ManagementPatch Tuesday - April 2026Adam BarnettExposure ManagementPatch Tuesday - March 2026Adam BarnettExposure ManagementPatch Tuesday - February 2026Adam BarnettVulnerabilities and ExploitsPatch Tuesday and the Enduring Challenge of Windows’ Backwards CompatibilityAdam BarnettSee all posts