
Patch Tuesday - June 2026

Rapid7, archived Jun 10, 2026



Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild for any of these vulnerabilities, and is aware of public disclosure for three. This is similar to last month’s Patch Tuesday; however, several of last month’s vulnerabilities ended up on CISA KEV in the days following their publication. So far this month, Microsoft has provided patches to address 360 browser vulnerabilities, which is an order of magnitude more than has been typical in any given month over the past few years. As usual, browser vulns are not included in the Patch Tuesday count above. Indeed, the vast, and presumably sustained, uptick in the number of browser vulnerabilities has led to Microsoft no longer enumerating Chromium CVEs in the Security Update Guide. Other vulnerability categories, especially Linux kernel vulnerabilities, are seeing a similar increase in AI-assisted vulnerability reports.

What's the opposite of coordinated disclosure?

In recent weeks, an independent vulnerability researcher going by the pseudonym Nightmare Eclipse has attracted significant attention by publishing details of six Microsoft vulnerabilities, including elevation of privilege vulnerabilities in Defender, and a Secure Boot disk encryption bypass. The researcher provided full proof-of-concept code for some, and provided significant-but-incomplete detail around the path to exploitation for others. Microsoft has confirmed that these disclosures were not coordinated, and it is clear that the relationship between this researcher and Microsoft is less than cordial.
Two of the disclosures emerged in the hours after last month’s Patch Tuesday, which provides maximum visibility, while limiting Microsoft’s ability to respond without out-of-cycle patches.

At time of writing, Microsoft has provided mitigation advice and patches for CVE-2026-33825, CVE-2026-45585, CVE-2026-45498, and CVE-2026-41091, leaving only two elevation of privilege vulnerabilities unpatched, known as MiniPlasma and GreenPlasma. However, a recent blog post by Nightmare Eclipse with the title “7” has been widely interpreted to mean that there is at least one more vulnerability to come. The post contained no content other than an image of Albert Wesker, a character from the Resident Evil video game series who formerly worked as a researcher for a technology corporation before going rogue. Any inference around the possible meaning of the image is left as an exercise for the reader.

Given the timing of last month’s disclosures in the hours following Patch Tuesday, a further high-friction disclosure today would perhaps be unsurprising. Indeed, a new blog post and a new GitHub account from the same researcher have emerged in the hours following Microsoft’s publication of the June 2026 Patch Tuesday updates. The apparent seventh disclosure is nicknamed RoguePlanet, and appears to describe another elevation of privilege to SYSTEM in Defender.

It is not at all difficult to understand why Microsoft and many blue team practitioners are deeply alarmed by the partial or even full disclosure of proof-of-concept code for an ongoing series of vulnerabilities affecting fully-patched Windows systems. However, multiple leading voices in the broader vulnerability disclosure community have expressed concern that Microsoft’s invocation of the Digital Crimes Unit in a May 27, 2026 blog post may yet prove counterproductive, especially if it causes other researchers to back away from mutually beneficial engagements with MSRC.
A few days later, MSRC issued a further statement clarifying that they have no intention of pursuing action against security researchers, but only those who break the law or engage in malicious activity causing real harm. For now, one safe conclusion is that this unusually sensational Microsoft vulnerability management story arc is far from over.

HTTP/2: denial of service

Every so often, a new round of denial of service vulnerabilities emerges, affecting web servers which implement the HTTP/2 and HTTP/3 standards. This class of vulnerabilities is likely to expand further as researchers, including the discoverers of CVE-2026-49160, use advances in LLM capability to probe not just specific software, but also the standards on which software rests. Microsoft warns that exploitation leads to uncontrolled resource consumption over a network, and expects that exploitation is more likely. The advisory credits both a third-party research firm and OpenAI’s Codex.

Microsoft has not yet directly addressed another HTTP/2 vulnerability which allows trivial denial-of-service against the default HTTP/2 configuration of multiple web server platforms, including Microsoft IIS. CVE-2026-49975, also known as HTTP/2 Bomb, became public knowledge a week ago. This denial of service works by exhausting memory on the target server, and unlike a distributed denial of service attack, there is no requirement that an attacker control a large amount of bandwidth. Patches are available for NGINX and Apache, with IIS presumably to follow at some point. If practically possible, disabling HTTP/2 is a valid mitigation.

PowerToys: SYSTEM EoP

The Microsoft PowerToys utility provides a wide variety of useful control and configuration options for Windows power users which aren’t otherwise easily accessible. It turns out that PowerToys also offers an undocumented extra: local elevation of privilege to SYSTEM via successful exploitation of CVE-2026-42902.
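For the two host-level actions this article names (disabling HTTP/2 in HTTP.sys as a stopgap for IIS, and confirming PowerToys is at or past the 0.99.1 fix the article cites), the following PowerShell audit is an added example, not code from the original article or from Microsoft. The function names are hypothetical; it assumes the HTTP.sys `EnableHttp2Tls` and `EnableHttp2Cleartext` registry values and the standard Uninstall registry keys.

```powershell
# Added example: host audit for the HTTP/2 mitigation and the PowerToys fix level.
# Function names are hypothetical; nothing here comes from Microsoft or Rapid7.

$HttpParams  = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
$Http2Values = 'EnableHttp2Tls', 'EnableHttp2Cleartext'

function Get-HttpSysHttp2State {
    # A missing value means the OS default applies, and HTTP/2 is on by default
    # in HTTP.sys on Windows 10 / Windows Server 2016 and later.
    foreach ($name in $Http2Values) {
        $item = Get-ItemProperty -Path $HttpParams -Name $name -ErrorAction SilentlyContinue
        $raw  = if ($item) { $item.$name } else { $null }
        [pscustomobject]@{
            Value        = $name
            Data         = if ($null -eq $raw) { '(not set)' } else { $raw }
            Http2Enabled = ($null -eq $raw) -or ($raw -ne 0)
        }
    }
}

function Disable-HttpSysHttp2 {
    # Sets both values to 0. Supports -WhatIf / -Confirm; needs an elevated session.
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param()
    if (-not (Test-Path $HttpParams)) {
        New-Item -Path $HttpParams -Force | Out-Null
    }
    foreach ($name in $Http2Values) {
        if ($PSCmdlet.ShouldProcess("$HttpParams\$name", 'Set DWORD to 0')) {
            New-ItemProperty -Path $HttpParams -Name $name `
                -PropertyType DWord -Value 0 -Force | Out-Null
        }
    }
    Write-Warning 'HTTP.sys reads these values at start-up; schedule a reboot for the change to apply.'
}

function Get-PowerToysInstall {
    # Lists PowerToys installs and flags anything below the fixed version.
    # HKCU only shows the current user; per-user installs in other profiles
    # need the same check run in those users' contexts.
    param([version]$FixedVersion = '0.99.1')   # fix version as stated in the article

    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'

    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.PSObject.Properties['DisplayName'] -and $_.DisplayName -like 'PowerToys*' } |
        ForEach-Object {
            $v      = $null
            $parsed = [version]::TryParse([string]$_.DisplayVersion, [ref]$v)
            [pscustomobject]@{
                Name        = $_.DisplayName
                Version     = $_.DisplayVersion
                Scope       = if ($_.PSPath -like '*HKEY_CURRENT_USER*') { 'per-user' } else { 'machine' }
                # An unparseable version is flagged for manual review rather than passed.
                NeedsUpdate = (-not $parsed) -or ($v -lt $FixedVersion)
            }
        }
}

Get-HttpSysHttp2State | Format-Table -AutoSize
Get-PowerToysInstall  | Format-Table -AutoSize
# Disable-HttpSysHttp2 -WhatIf    # preview only; remove -WhatIf to apply
```

The registry change is host-wide: every listener served by HTTP.sys falls back to HTTP/1.1, so test client compatibility before rolling it out broadly.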
It is worth noting that the fix was included in PowerToys v0.99.1 on April 29, 2026, without any apparent mention in the release notes. Attackers with patch-diffing toolkits may well take note of this discrepancy.

Microsoft lifecycle update

There are no significant Microsoft product lifecycle changes this month. SQL Server 2016 moves beyond regular extended support and into the pay-to-play Extended Security Updates (ESU) phase after July 14, 2026. On that same date, SharePoint 2016 and 2019 will also move past extended support, but since there’s no ESU available, the only remaining option for fully-supported self-hosted SharePoint after the middle of next month will be SharePoint Subscription Edition.

Summary charts

Vulnerabilities by Product Family

Apps vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2026-45650 | Microsoft Bing Search Spoofing Vulnerability | Exploitation Less Likely | No | 4.3 |
| CVE-2026-49161 | Microsoft PC Manager Security Feature Bypass Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-42902 | Microsoft PowerToys Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45649 | Office for Android Spoofing Vulnerability | Exploitation Unlikely | No | 7.1 |
| CVE-2026-44803 | Windows Graphics Component Remote Code Execution Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-44812 | Windows Graphics Component Remote Code Execution Vulnerability | Exploitation More Likely | No | 7.8 |

Azure vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2026-32193 | Azure Kubernetes Service (AKS) Remote Code Execution Vulnerability | Exploitation Unlikely | No | 8.8 |
| CVE-2026-47643 | Azure Stack Edge Remote Code Execution Vulnerability | Exploitation Unlikely | No | 9.8 |
| CVE-2026-41098 | Azure Stack Edge Spoofing Vulnerability | Exploitation Less Likely | No | 8.4 |

Developer Tools vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2026-45490 | .NET SDK Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45491 | .NET Tampering Vulnerability | Exploitation Unlikely | No | 6.2 |
| CVE-2026-45591 | ASP.NET Core Denial of Service Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-45644 | Microsoft Live Share Canvas SDK Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.0 |
| CVE-2026-45482 | Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 8.4 |
| CVE-2026-40376 | Visual Studio Code Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-47281 | Visual Studio Code Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 9.6 |
| CVE-2026-47284 | Visual Studio Code Information Disclosure Vulnerability | Exploitation Less Likely | No | 6.5 |
| CVE-2026-47292 | Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-48569 | Visual Studio Code Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.1 |
| CVE-2026-47287 | Visual Studio Code Tampering Vulnerability | Exploitation Less Likely | No | 6.5 |

ESU vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2025-10263 | ARM: CVE-2025-10263 Completion of affected memory accesses might not be guaranteed by completion of a TLBI [kernel] | Exploitation Less Likely | No | 9.3 |
| CVE-2026-44815 | DHCP Client Service Remote Code Execution Vulnerability | Exploitation Less Likely | No | 9.8 |
| CVE-2026-49160 | HTTP.sys Denial of Service Vulnerability | Exploitation More Likely | Yes | 7.5 |
| CVE-2026-47291 | HTTP.sys Remote Code Execution Vulnerability | Exploitation More Likely | No | 9.8 |
| CVE-2026-45642 | Microsoft Azure Attestation service and Device Health Attestation Service Spoofing Vulnerability | Exploitation Less Likely | No | 3.9 |
| CVE-2026-45637 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45504 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 8.8 |
| CVE-2026-45502 | Microsoft Exchange Server Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.0 |
| CVE-2026-45503 | Microsoft Exchange Server Information Disclosure Vulnerability | Exploitation Unlikely | No | 8.1 |
| CVE-2026-45583 | Microsoft Exchange Server Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-45500 | Microsoft Exchange Server Spoofing Vulnerability | Exploitation Less Likely | No | 6.1 |
| CVE-2026-45501 | Microsoft Exchange Server Spoofing Vulnerability | Exploitation Less Likely | No | 6.5 |
| CVE-2026-47631 | Microsoft Exchange Server Spoofing Vulnerability | Exploitation Less Likely | No | 8.1 |
| CVE-2026-42986 | Microsoft Graphics Component Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-41092 | Microsoft Kinect Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45606 | Microsoft UxTheme Library (uxtheme.dll) Denial of Service Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-42980 | NT OS Kernel Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-42916 | NT OS Kernel Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-47289 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.8 |
| CVE-2026-47653 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Unlikely | No | 8.8 |
| CVE-2026-48563 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-42909 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Unlikely | No | 7.5 |
| CVE-2026-42992 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-44799 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-44801 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-42985 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation More Likely | No | 8.8 |
| CVE-2026-42993 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-45588 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-48568 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-48570 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-48573 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-48575 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-48576 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-48578 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-45656 | UEFI Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-8863 | UEFI Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-34335 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.0 |
| CVE-2026-45601 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-45598 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-45596 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-45638 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45603 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-42911 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-45594 | Windows Application Identity (AppID) Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-45655 | Windows BitLocker Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 5.3 |
| CVE-2026-45658 | Windows BitLocker Security Feature Bypass Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-50507 | Windows BitLocker Security Feature Bypass Vulnerability | Exploitation More Likely | Yes | 6.8 |
| CVE-2026-45640 | Windows Bluetooth Port Driver Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-45605 | Windows Bluetooth Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-47656 | Windows Boot Manager Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-45586 | Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability | Exploitation More Likely | Yes | 7.8 |
| CVE-2026-42987 | Windows Deployment Services (WDS) Remote Code Execution | Exploitation Less Likely | No | 8.1 |
| CVE-2026-33828 | Windows Device Health Attestation (DHA) Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-45634 | Windows DHCP Client Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.5 |
| CVE-2026-45608 | Windows DHCP Client Information Disclosure Vulnerability | Exploitation Unlikely | No | 6.8 |
| CVE-2026-41108 | Windows DNS Client Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.0 |
| CVE-2026-42905 | Windows DWM Core Library Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-42983 | Windows DWM Core Library Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-44802 | Windows DWM Core Library Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45602 | Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability | Exploitation Less Likely | No | 9.1 |
| CVE-2026-42836 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-44803 | Windows Graphics Component Remote Code Execution Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-44812 | Windows Graphics Component Remote Code Execution Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-42972 | Windows Hyper-V Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-45607 | Windows Hyper-V Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.4 |
| CVE-2026-45641 | Windows Hyper-V Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.4 |
| CVE-2026-45592 | Windows Internet (wininet.dll) Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-42903 | Windows Kerberos Denial of Service Vulnerability | Exploitation Unlikely | No | 6.5 |
| CVE-2026-42914 | Windows Kerberos Denial of Service Vulnerability | Exploitation Less Likely | No | 5.3 |
| CVE-2026-47288 | Windows Kerberos Key Distribution Center (KDC) Remote Code Execution | Exploitation Unlikely | No | 7.1 |
| CVE-2026-48583 | Windows Kernel Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45653 | Windows Kernel Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.0 |
| CVE-2026-42984 | Windows Kernel Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.0 |
| CVE-2026-45595 | Windows Mark of the Web Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 5.4 |
| CVE-2026-48574 | Windows Media Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45636 | Windows NTFS Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-50508 | Windows NTLM Spoofing Vulnerability | Exploitation More Likely | No | 6.5 |
| CVE-2026-45487 | Windows Program Compatibility Assistant Service Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-42828 | Windows Projected File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-42837 | Windows Projected File System Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-42969 | Windows Push Notification Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.5 |
| CVE-2026-42971 | Windows Push Notification Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-42970 | Windows Push Notification Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-42973 | Windows Push Notification Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-42978 | Windows Push Notifications Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-42977 | Windows Push Notifications Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-42979 | Windows Push Notifications Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-42991 | Windows Push Notifications Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-45639 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-42908 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-45593 | Windows SDK Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-42906 | Windows Shell Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-42907 | Windows Shell Information Disclosure Vulnerability | Exploitation Less Likely | No | 6.5 |
| CVE-2026-47648 | Windows Storage Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.0 |
| CVE-2026-42915 | Windows TCP/IP Denial of Service Vulnerability | Exploitation Less Likely | No | 5.7 |
| CVE-2026-42904 | Windows TCP/IP Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 9.6 |
| CVE-2026-42968 | Windows Telephony Server Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-42912 | Windows Telephony Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-40409 | Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-40404 | Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45599 | Windows UPnP Device Host Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.1 |
| CVE-2026-45635 | Windows UPnP Device Host Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.1 |
| CVE-2026-42989 | Winlogon Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8 |

Mariner vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2026-40930 | LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body | n/a | No | 5.4 |

Microsoft Dynamics vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2026-40371 | Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.8 |

Microsoft Office vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2026-44822 | Microsoft Excel Information Disclosure Vulnerability | Exploitation Unlikely | No | 8.2 |
| CVE-2026-45455 | Microsoft Excel Information Disclosure Vulnerability | Exploitation Less Likely | No | 3.3 |
| CVE-2026-45469 | Microsoft Excel Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-44817 | Microsoft Excel Remote Code Execution Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-44818 | Microsoft Excel Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-44820 | Microsoft Excel Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-44823 | Microsoft Excel Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45459 | Microsoft Excel Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 3.3 |
| CVE-2026-47293 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-45485 | Microsoft Office Information Disclosure Vulnerability | Exploitation Less Likely | No | 3.3 |
| CVE-2026-44821 | Microsoft Office Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-45460 | Microsoft Office Information Disclosure Vulnerability | Exploitation Unlikely | No | 4.7 |
| CVE-2026-45483 | Microsoft Office Project Server Spoofing Vulnerability | Exploitation Less Likely | No | 4.6 |
| CVE-2026-45475 | Microsoft Office Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45472 | Microsoft Office Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.4 |
| CVE-2026-45474 | Microsoft Office Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.4 |
| CVE-2026-44819 | Microsoft Office Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-44824 | Microsoft Office Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45461 | Microsoft Office Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.4 |
| CVE-2026-45645 | Microsoft Office Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45463 | Microsoft Office Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.4 |
| CVE-2026-45456 | Microsoft Outlook and Word Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.4 |
| CVE-2026-45458 | Microsoft Outlook and Word Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.4 |
| CVE-2026-47635 | Microsoft Outlook and Word Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.4 |
| CVE-2026-45484 | Microsoft SharePoint Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.8 |
| CVE-2026-45454 | Microsoft SharePoint Remote Code Execution Vulnerability | Exploitation Less Likely | No | 6.5 |
| CVE-2026-47298 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.0 |
| CVE-2026-45467 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 4.6 |
| CVE-2026-45468 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 4.6 |
| CVE-2026-45479 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 4.6 |
| CVE-2026-45453 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 5.4 |
| CVE-2026-47636 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 5.4 |
| CVE-2026-47637 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 4.6 |
| CVE-2026-47638 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 4.6 |
| CVE-2026-47639 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Unlikely | No | 5.4 |
| CVE-2026-47641 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 4.6 |
| CVE-2026-33113 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 5.4 |
| CVE-2026-45462 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 4.6 |
| CVE-2026-45464 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 5.4 |
| CVE-2026-45465 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 5.4 |
| CVE-2026-47634 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation More Likely | No | 7.3 |
| CVE-2026-47640 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Unlikely | No | 4.6 |
| CVE-2026-45481 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation More Likely | No | 7.3 |
| CVE-2026-48560 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 5.4 |
| CVE-2026-48562 | Microsoft SharePoint Server Spoofing Vulnerability | Exploitation Less Likely | No | 4.6 |
| CVE-2026-42835 | Microsoft Teams for Android Information Disclosure Vulnerability | Exploitation Less Likely | No | 8.1 |
| CVE-2026-45466 | Microsoft Word Information Disclosure Vulnerability | Exploitation Unlikely | No | 3.3 |
| CVE-2026-45471 | Microsoft Word Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45486 | Microsoft Word Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45643 | Microsoft Word Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45457 | Microsoft Word Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45649 | Office for Android Spoofing Vulnerability | Exploitation Unlikely | No | 7.1 |
| CVE-2026-44803 | Windows Graphics Component Remote Code Execution Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-44812 | Windows Graphics Component Remote Code Execution Vulnerability | Exploitation More Likely | No | 7.8 |

Open Source Software vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2026-11463 | USCiLab Cereal Shared Pointer type confusion | n/a | No | 7.3 |
| CVE-2026-49975 | Apache HTTP Server: mod_http2 denial of service | n/a | No | 7.5 |
| CVE-2026-50265 | Rejected reason: This CVE ID was assigned as a duplicate of CVE-2026-50292 | n/a | No | 5.3 |
| CVE-2026-40930 | LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body | n/a | No | 5.4 |
| CVE-2026-10879 | DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders | n/a | No | 8.6 |
| CVE-2026-50261 | Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter() | n/a | No | 7.8 |
| CVE-2026-50256 | Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libxfont2 name length mismatch | n/a | No | 7.8 |
| CVE-2026-50262 | Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes | n/a | No | 5.5 |
| CVE-2026-50260 | Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in freecounter() | n/a | No | 6.6 |
| CVE-2026-50259 | Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb setmap request via mapwidths indexing | n/a | No | 7.8 |
| CVE-2026-50257 | Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in misyncdestroyfence() | n/a | No | 6.6 |
| CVE-2026-50258 | Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb key types due to unchecked shift levels | n/a | No | 7.8 |
| CVE-2026-50263 | Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free information disclosure in createsaverwindow() | n/a | No | 5.5 |

Other vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2026-45476 | Microsoft Azure Network Adapter Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.2 |
| CVE-2026-26142 | Nuance PowerScribe Remote Code Execution Vulnerability | Exploitation Less Likely | No | 9.8 |

Server Software vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2026-45504 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 8.8 |
| CVE-2026-45502 | Microsoft Exchange Server Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.0 |
| CVE-2026-45503 | Microsoft Exchange Server Information Disclosure Vulnerability | Exploitation Unlikely | No | 8.1 |
| CVE-2026-45583 | Microsoft Exchange Server Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-45500 | Microsoft Exchange Server Spoofing Vulnerability | Exploitation Less Likely | No | 6.1 |
| CVE-2026-45501 | Microsoft Exchange Server Spoofing Vulnerability | Exploitation Less Likely | No | 6.5 |
| CVE-2026-47631 | Microsoft Exchange Server Spoofing Vulnerability | Exploitation Less Likely | No | 8.1 |

System Center vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2026-45647 | Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 5.5 |

Windows vulnerabilities

| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| CVE-2025-10263 | ARM: CVE-2025-10263 Completion of affected memory accesses might not be guaranteed by completion of a TLBI [kernel] | Exploitation Less Likely | No | 9.3 |
| CVE-2026-44815 | DHCP Client Service Remote Code Execution Vulnerability | Exploitation Less Likely | No | 9.8 |
| CVE-2026-49160 | HTTP.sys Denial of Service Vulnerability | Exploitation More Likely | Yes | 7.5 |
| CVE-2026-47291 | HTTP.sys Remote Code Execution Vulnerability | Exploitation More Likely | No | 9.8 |
| CVE-2026-45642 | Microsoft Azure Attestation service and Device Health Attestation Service Spoofing Vulnerability | Exploitation Less Likely | No | 3.9 |
| CVE-2026-44810 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 8.4 |
| CVE-2026-45637 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-42986 | Microsoft Graphics Component Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-41092 | Microsoft Kinect Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45606 | Microsoft UxTheme Library (uxtheme.dll) Denial of Service Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-42980 | NT OS Kernel Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-42916 | NT OS Kernel Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-47289 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Less Likely | No | 8.8 |
| CVE-2026-47653 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Unlikely | No | 8.8 |
| CVE-2026-47654 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Unlikely | No | 7.5 |
| CVE-2026-48563 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-42909 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Unlikely | No | 7.5 |
| CVE-2026-42913 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Unlikely | No | 7.5 |
| CVE-2026-42992 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-44799 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-44801 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-42985 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation More Likely | No | 8.8 |
| CVE-2026-42993 | Remote Desktop Client Remote Code Execution Vulnerability | Exploitation Less Likely | No | 7.5 |
| CVE-2026-45588 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-48568 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-48570 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-48573 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-48575 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-48576 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-48578 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-45654 | Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-45656 | UEFI Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-8863 | UEFI Secure Boot Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45648 | Windows Active Directory Domain Services Remote Code Execution Vulnerability | Exploitation Unlikely | No | 8.8 |
| CVE-2026-42829 | Windows Administrator Protection Secure Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-34335 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.0 |
| CVE-2026-45601 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-45598 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-45596 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-45638 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-45603 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-42911 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-45594 | Windows Application Identity (AppID) Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-45655 | Windows BitLocker Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 5.3 |
| CVE-2026-45658 | Windows BitLocker Security Feature Bypass Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-50507 | Windows BitLocker Security Feature Bypass Vulnerability | Exploitation More Likely | Yes | 6.8 |
| CVE-2026-45640 | Windows Bluetooth Port Driver Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-45605 | Windows Bluetooth Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-47656 | Windows Boot Manager Security Feature Bypass Vulnerability | Exploitation Less Likely | No | 7.9 |
| CVE-2026-45586 | Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability | Exploitation More Likely | Yes | 7.8 |
| CVE-2026-44809 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-42987 | Windows Deployment Services (WDS) Remote Code Execution | Exploitation Less Likely | No | 8.1 |
| CVE-2026-33828 | Windows Device Health Attestation (DHA) Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.8 |
| CVE-2026-45634 | Windows DHCP Client Information Disclosure Vulnerability | Exploitation Unlikely | No | 5.5 |
| CVE-2026-45608 | Windows DHCP Client Information Disclosure Vulnerability | Exploitation Unlikely | No | 6.8 |
| CVE-2026-41108 | Windows DNS Client Elevation of Privilege Vulnerability | Exploitation Unlikely | No | 7.0 |
| CVE-2026-42905 | Windows DWM Core Library Elevation of Privilege Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-44811 | Windows DWM Core Library Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-44808 | Windows DWM Core Library Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-44807 | Windows DWM Core Library Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-42983 | Windows DWM Core Library Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-44802 | Windows DWM Core Library Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-44813 | Windows DWM Core Library Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-44804 | Windows DWM Core Library Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-48566 | Windows DWM Core Library Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-44814 | Windows DWM Core Library Information Disclosure Vulnerability | Exploitation Less Likely | No | 5.5 |
| CVE-2026-45602 | Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability | Exploitation Less Likely | No | 9.1 |
| CVE-2026-42836 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.0 |
| CVE-2026-44803 | Windows Graphics Component Remote Code Execution Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-44812 | Windows Graphics Component Remote Code Execution Vulnerability | Exploitation More Likely | No | 7.8 |
| CVE-2026-42910 | Windows Hotpatch Monitoring Service Elevation of Privilege Vulnerability | Exploitation Less Likely | No | 7.8 |
| CVE-2026-42972 | Windows Hyper-V Information Disclosure
VulnerabilityExploitation Less LikelyNo5.5CVE-2026-45607Windows Hyper-V Remote Code Execution VulnerabilityExploitation Less LikelyNo8.4CVE-2026-45641Windows Hyper-V Remote Code Execution VulnerabilityExploitation Less LikelyNo8.4CVE-2026-47652Windows Hyper-V Remote Code Execution VulnerabilityExploitation Less LikelyNo8.2CVE-2026-45592Windows Internet (wininet.dll) Elevation of Privilege VulnerabilityExploitation UnlikelyNo7.8CVE-2026-42903Windows Kerberos Denial of Service VulnerabilityExploitation UnlikelyNo6.5CVE-2026-42914Windows Kerberos Denial of Service VulnerabilityExploitation Less LikelyNo5.3CVE-2026-47288Windows Kerberos Key Distribution Center (KDC) Remote Code ExecutionExploitation UnlikelyNo7.1CVE-2026-48583Windows Kernel Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-45653Windows Kernel Elevation of Privilege VulnerabilityExploitation UnlikelyNo7.0CVE-2026-42984Windows Kernel Elevation of Privilege VulnerabilityExploitation UnlikelyNo7.0CVE-2026-45657Windows Kernel Remote Code Execution VulnerabilityExploitation Less LikelyNo9.8CVE-2026-45600Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityExploitation UnlikelyNo7.8CVE-2026-45604Windows Managed Installer Information Disclosure VulnerabilityExploitation Less LikelyNo5.5CVE-2026-45595Windows Mark of the Web Security Feature Bypass VulnerabilityExploitation Less LikelyNo5.4CVE-2026-48574Windows Media Remote Code Execution VulnerabilityExploitation Less LikelyNo7.8CVE-2026-48565Windows Narrator Braille Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-44805Windows Network Controller (NC) Host Agent Denial of Service VulnerabilityExploitation UnlikelyNo5.5CVE-2026-45636Windows NTFS Remote Code Execution VulnerabilityExploitation Less LikelyNo7.8CVE-2026-50508Windows NTLM Spoofing VulnerabilityExploitation More LikelyNo6.5CVE-2026-42981Windows Performance Monitor Remote Code Execution VulnerabilityExploitation Less 
LikelyNo8.1CVE-2026-42974Windows Performance Monitor Remote Code Execution VulnerabilityExploitation Less LikelyNo8.1CVE-2026-45487Windows Program Compatibility Assistant Service Elevation of Privilege VulnerabilityExploitation UnlikelyNo7.8CVE-2026-42828Windows Projected File System Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-42837Windows Projected File System Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-42969Windows Push Notification Information Disclosure VulnerabilityExploitation UnlikelyNo5.5CVE-2026-42971Windows Push Notification Information Disclosure VulnerabilityExploitation Less LikelyNo5.5CVE-2026-42970Windows Push Notification Information Disclosure VulnerabilityExploitation Less LikelyNo5.5CVE-2026-42973Windows Push Notification Information Disclosure VulnerabilityExploitation Less LikelyNo5.5CVE-2026-42978Windows Push Notifications Elevation of Privilege VulnerabilityExploitation UnlikelyNo7.8CVE-2026-42977Windows Push Notifications Elevation of Privilege VulnerabilityExploitation UnlikelyNo7.8CVE-2026-42979Windows Push Notifications Elevation of Privilege VulnerabilityExploitation UnlikelyNo7.8CVE-2026-42991Windows Push Notifications Elevation of Privilege VulnerabilityExploitation UnlikelyNo7.8CVE-2026-45639Windows Remote Desktop Protocol (RDP) Information Disclosure VulnerabilityExploitation Less LikelyNo7.5CVE-2026-42908Windows Remote Desktop Protocol (RDP) Information Disclosure VulnerabilityExploitation Less LikelyNo7.5CVE-2026-45593Windows SDK Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-42906Windows Shell Information Disclosure VulnerabilityExploitation Less LikelyNo5.5CVE-2026-42907Windows Shell Information Disclosure VulnerabilityExploitation Less LikelyNo6.5CVE-2026-47648Windows Storage Elevation of Privilege VulnerabilityExploitation UnlikelyNo7.0CVE-2026-42915Windows TCP/IP Denial of Service VulnerabilityExploitation Less 
LikelyNo5.7CVE-2026-42904Windows TCP/IP Elevation of Privilege VulnerabilityExploitation UnlikelyNo9.6CVE-2026-42968Windows Telephony Server Information Disclosure VulnerabilityExploitation Less LikelyNo5.5CVE-2026-42912Windows Telephony Service Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.0CVE-2026-45597Windows UI Automation Manager (uiamanager.dll) Elevation of Privilege VulnerabilityExploitation UnlikelyNo7.0CVE-2026-40409Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-40404Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege VulnerabilityExploitation Less LikelyNo7.8CVE-2026-45599Windows UPnP Device Host Remote Code Execution VulnerabilityExploitation Less LikelyNo8.1CVE-2026-45635Windows UPnP Device Host Remote Code Execution VulnerabilityExploitation Less LikelyNo8.1CVE-2026-42989Winlogon Elevation of Privilege VulnerabilityExploitation More LikelyNo7.8Zero-Day Vulnerabilities: Publicly Disclosed (No known exploitation)CVETitleExploitation statusPublicly disclosed?CVSS v3 base scoreCVE-2026-49160HTTP.sys Denial of Service VulnerabilityExploitation More LikelyYes7.5CVE-2026-50507Windows BitLocker Security Feature Bypass VulnerabilityExploitation More LikelyYes6.8CVE-2026-45586Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege VulnerabilityExploitation More LikelyYes7.8Critical RCEsCVETitleExploitation statusPublicly disclosed?CVSS v3 base scoreCVE-2025-10263ARM: CVE-2025-10263 Completion of affected memory accesses might not be guaranteed by completion of a TLBI [kernel]Exploitation Less LikelyNo9.3CVE-2026-47643Azure Stack Edge Remote Code Execution VulnerabilityExploitation UnlikelyNo9.8CVE-2026-44815DHCP Client Service Remote Code Execution VulnerabilityExploitation Less LikelyNo9.8CVE-2026-47291HTTP.sys Remote Code Execution VulnerabilityExploitation More LikelyNo9.8CVE-2026-26142Nuance PowerScribe Remote 
Code Execution VulnerabilityExploitation Less LikelyNo9.8CVE-2026-47281Visual Studio Code Elevation of Privilege VulnerabilityExploitation UnlikelyNo9.6CVE-2026-45602Windows Dynamic Host Configuration Protocol (DHCP) Tampering VulnerabilityExploitation Less LikelyNo9.1CVE-2026-45657Windows Kernel Remote Code Execution VulnerabilityExploitation Less LikelyNo9.8CVE-2026-42904Windows TCP/IP Elevation of Privilege VulnerabilityExploitation UnlikelyNo9.6Article TagsPatch TuesdayVulnerability ManagementAdam BarnettAuthor PostsRelated blog postsExposure ManagementPatch Tuesday - May 2026Adam BarnettExposure ManagementPatch Tuesday - April 2026Adam BarnettExposure ManagementPatch Tuesday - March 2026Adam BarnettExposure ManagementPatch Tuesday - February 2026Adam BarnettSee all posts