June 2026 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2026-Jun 2026-Jun Final 1.0 354 2026-06-17T07:00:00 June 2026 Security Updates 2026-06-09T07:00:00 2026-06-17T07:00:00 <h2 id="this-release-consists-of-the-following-208-microsoft-cves">This release consists of the following 208 Microsoft CVEs:</h2> <table> <thead> <tr> <th>Tag</th> <th>CVE</th> <th>Base Score</th> <th>CVSS Vector</th> <th>Exploitability</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>Nuance PowerScribe</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-26142">CVE-2026-26142</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Azure Kubernetes Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32193">CVE-2026-32193</a></td> <td>8.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33113">CVE-2026-33113</a></td> <td>5.4</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Azure Attestation service and Device Health Attestation Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33828">CVE-2026-33828</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Ancillary Function Driver for WinSock</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-34335">CVE-2026-34335</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Dynamics 365 (on-premises)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40371">CVE-2026-40371</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Visual Studio Code</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40376">CVE-2026-40376</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Universal Disk Format File System Driver (UDFS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40404">CVE-2026-40404</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Universal Disk Format File System Driver (UDFS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40409">CVE-2026-40409</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Kinect</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41092">CVE-2026-41092</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Stack Edge</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41098">CVE-2026-41098</a></td> <td>8.4</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Windows DNS</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41108">CVE-2026-41108</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>M365 Copilot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42824">CVE-2026-42824</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Projected File System Filter Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42828">CVE-2026-42828</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Administrator Protection</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42829">CVE-2026-42829</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Teams for Android</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42835">CVE-2026-42835</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Function Discovery Service (fdwsd.dll)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42836">CVE-2026-42836</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Projected File System Filter Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42837">CVE-2026-42837</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft PowerToys</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42902">CVE-2026-42902</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kerberos</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42903">CVE-2026-42903</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows TCP/IP</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42904">CVE-2026-42904</a></td> <td>9.6</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DWM Core Library</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42905">CVE-2026-42905</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Shell</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42906">CVE-2026-42906</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Shell</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42907">CVE-2026-42907</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows RDP</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42908">CVE-2026-42908</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Remote Desktop Client</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42909">CVE-2026-42909</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Hotpatch Monitoring Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42910">CVE-2026-42910</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Ancillary Function Driver for WinSock</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42911">CVE-2026-42911</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42912">CVE-2026-42912</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Remote Desktop Client</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42913">CVE-2026-42913</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kerberos</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42914">CVE-2026-42914</a></td> <td>5.3</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows TCP/IP</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42915">CVE-2026-42915</a></td> <td>5.7</td> <td>CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NT OS Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42916">CVE-2026-42916</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42968">CVE-2026-42968</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Push Notifications</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42969">CVE-2026-42969</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Push Notifications</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42970">CVE-2026-42970</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Push Notifications</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42971">CVE-2026-42971</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Role: Windows Hyper-V</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42972">CVE-2026-42972</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Push Notifications</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42973">CVE-2026-42973</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Performance Monitor</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42974">CVE-2026-42974</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Push Notifications</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42977">CVE-2026-42977</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Push Notifications</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42978">CVE-2026-42978</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Push Notifications</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42979">CVE-2026-42979</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NT OS Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42980">CVE-2026-42980</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Performance Monitor</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42981">CVE-2026-42981</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DWM Core Library</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42983">CVE-2026-42983</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42984">CVE-2026-42984</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Remote Desktop Client</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42985">CVE-2026-42985</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Graphics Component</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42986">CVE-2026-42986</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Deployment Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42987">CVE-2026-42987</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Winlogon</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42989">CVE-2026-42989</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Push Notifications</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42991">CVE-2026-42991</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Remote Desktop Client</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42992">CVE-2026-42992</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Remote Desktop Client</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42993">CVE-2026-42993</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Remote Desktop Client</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-44799">CVE-2026-44799</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Remote Desktop Client</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-44801">CVE-2026-44801</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DWM Core Library</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-44802">CVE-2026-44802</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Win32K - GRFX</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-44803">CVE-2026-44803</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DWM Core Library</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-44804">CVE-2026-44804</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Network Controller (NC) Host Agent</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-44805">CVE-2026-44805</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DWM Core Library</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-44807">CVE-2026-44807</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DWM Core Library</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-44808">CVE-2026-44808</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Common Log File System Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-44809">CVE-2026-44809</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Cryptographic Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-44810">CVE-2026-44810</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DWM Core Library</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-44811">CVE-2026-44811</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Win32K - GRFX</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-44812">CVE-2026-44812</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DWM Core Library</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-44813">CVE-2026-44813</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DWM Core Library</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-44814">CVE-2026-44814</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DHCP Client</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-44815">CVE-2026-44815</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-44817">CVE-2026-44817</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-44818">CVE-2026-44818</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-44819">CVE-2026-44819</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-44820">CVE-2026-44820</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-44821">CVE-2026-44821</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-44822">CVE-2026-44822</a></td> <td>8.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-44823">CVE-2026-44823</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-44824">CVE-2026-44824</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45453">CVE-2026-45453</a></td> <td>5.4</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45454">CVE-2026-45454</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45455">CVE-2026-45455</a></td> <td>3.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45456">CVE-2026-45456</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Word</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45457">CVE-2026-45457</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45458">CVE-2026-45458</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45459">CVE-2026-45459</a></td> <td>3.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45460">CVE-2026-45460</a></td> <td>4.7</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45461">CVE-2026-45461</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45462">CVE-2026-45462</a></td> <td>4.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45463">CVE-2026-45463</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45464">CVE-2026-45464</a></td> <td>5.4</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45465">CVE-2026-45465</a></td> <td>5.4</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Word</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45466">CVE-2026-45466</a></td> <td>3.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45467">CVE-2026-45467</a></td> <td>4.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45468">CVE-2026-45468</a></td> <td>4.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45469">CVE-2026-45469</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Word</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45471">CVE-2026-45471</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45472">CVE-2026-45472</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45474">CVE-2026-45474</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45475">CVE-2026-45475</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Linux MANA Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45476">CVE-2026-45476</a></td> <td>8.2</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45479">CVE-2026-45479</a></td> <td>4.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45481">CVE-2026-45481</a></td> <td>7.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>GitHub Copilot and Visual Studio Code</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45482">CVE-2026-45482</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Project</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45483">CVE-2026-45483</a></td> <td>4.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45484">CVE-2026-45484</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45485">CVE-2026-45485</a></td> <td>3.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Word</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45486">CVE-2026-45486</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Program Compatibility Assistant Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45487">CVE-2026-45487</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45490">CVE-2026-45490</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45491">CVE-2026-45491</a></td> <td>6.2</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Copilot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45497">CVE-2026-45497</a></td> <td>7.7</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45500">CVE-2026-45500</a></td> <td>6.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45501">CVE-2026-45501</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45502">CVE-2026-45502</a></td> <td>5.0</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45503">CVE-2026-45503</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45504">CVE-2026-45504</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45583">CVE-2026-45583</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Collaborative Translation Framework</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45586">CVE-2026-45586</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45588">CVE-2026-45588</a></td> <td>7.9</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>ASP.NET Core</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45591">CVE-2026-45591</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Internet (wininet.dll)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45592">CVE-2026-45592</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows SDK</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45593">CVE-2026-45593</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Application Identity (AppID) Subsystem</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45594">CVE-2026-45594</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Mark of the Web (MOTW)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45595">CVE-2026-45595</a></td> <td>5.4</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Ancillary Function Driver for WinSock</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45596">CVE-2026-45596</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>UI Automation Manager (uiamanager.dll)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45597">CVE-2026-45597</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Ancillary Function Driver for WinSock</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45598">CVE-2026-45598</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Universal Plug and Play (upnp.dll)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45599">CVE-2026-45599</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel-Mode Drivers</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45600">CVE-2026-45600</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Ancillary Function Driver for WinSock</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45601">CVE-2026-45601</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DHCP Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45602">CVE-2026-45602</a></td> <td>9.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Ancillary Function Driver for WinSock</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45603">CVE-2026-45603</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Application Identity (AppID) Subsystem</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45604">CVE-2026-45604</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Bluetooth Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45605">CVE-2026-45605</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft UxTheme Library (uxtheme.dll)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45606">CVE-2026-45606</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Hyper-V</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45607">CVE-2026-45607</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DHCP Client</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45608">CVE-2026-45608</a></td> <td>6.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DHCP Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45634">CVE-2026-45634</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Universal Plug and Play (upnp.dll)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45635">CVE-2026-45635</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NTFS</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45636">CVE-2026-45636</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DWM Core Library</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45637">CVE-2026-45637</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Ancillary Function Driver for WinSock</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45638">CVE-2026-45638</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows RDP</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45639">CVE-2026-45639</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Bluetooth Port Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45640">CVE-2026-45640</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Role: Windows Hyper-V</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45641">CVE-2026-45641</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Azure Attestation service and Device Health Attestation Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45642">CVE-2026-45642</a></td> <td>3.9</td> <td>CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Word</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45643">CVE-2026-45643</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Live Share Canvas SDK</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45644">CVE-2026-45644</a></td> <td>8.0</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45645">CVE-2026-45645</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Defender for Endpoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45647">CVE-2026-45647</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Active Directory Domain Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45648">CVE-2026-45648</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Office for Android</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45649">CVE-2026-45649</a></td> <td>7.1</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Bing</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45650">CVE-2026-45650</a></td> <td>4.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45653">CVE-2026-45653</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45654">CVE-2026-45654</a></td> <td>7.9</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows BitLocker</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45655">CVE-2026-45655</a></td> <td>5.3</td> <td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows UEFI</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45656">CVE-2026-45656</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45657">CVE-2026-45657</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows BitLocker</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45658">CVE-2026-45658</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Visual Studio Code</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47281">CVE-2026-47281</a></td> <td>9.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Visual Studio Code</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47284">CVE-2026-47284</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Visual Studio Code</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47287">CVE-2026-47287</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kerberos</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47288">CVE-2026-47288</a></td> <td>7.1</td> <td>CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Remote Desktop Client</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47289">CVE-2026-47289</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows HTTP.sys</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47291">CVE-2026-47291</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Visual Studio Code</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47292">CVE-2026-47292</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Click-To-Run</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47293">CVE-2026-47293</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47298">CVE-2026-47298</a></td> <td>8.0</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47631">CVE-2026-47631</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47634">CVE-2026-47634</a></td> <td>7.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47635">CVE-2026-47635</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47636">CVE-2026-47636</a></td> <td>5.4</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47637">CVE-2026-47637</a></td> <td>4.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47638">CVE-2026-47638</a></td> <td>4.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47639">CVE-2026-47639</a></td> <td>5.4</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47640">CVE-2026-47640</a></td> <td>4.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47641">CVE-2026-47641</a></td> <td>4.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Stack Edge</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47643">CVE-2026-47643</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Copilot Chat (Microsoft Edge)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47644">CVE-2026-47644</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Storage</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47648">CVE-2026-47648</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Hyper-V</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47652">CVE-2026-47652</a></td> <td>8.2</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Remote Desktop Client</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47653">CVE-2026-47653</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Remote Desktop Client</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47654">CVE-2026-47654</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Graph</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47655">CVE-2026-47655</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Boot Manager</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47656">CVE-2026-47656</a></td> <td>7.9</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-48560">CVE-2026-48560</a></td> <td>5.4</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-48562">CVE-2026-48562</a></td> <td>4.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Remote Desktop Client</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-48563">CVE-2026-48563</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Narrator Braille</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-48565">CVE-2026-48565</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DWM Core Library</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-48566">CVE-2026-48566</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure HorizonDB</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-48567">CVE-2026-48567</a></td> <td>10.0</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-48568">CVE-2026-48568</a></td> <td>7.9</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Visual Studio Code</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-48569">CVE-2026-48569</a></td> <td>7.1</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-48570">CVE-2026-48570</a></td> <td>7.9</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-48573">CVE-2026-48573</a></td> <td>7.9</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Media</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-48574">CVE-2026-48574</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-48575">CVE-2026-48575</a></td> <td>7.9</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-48576">CVE-2026-48576</a></td> <td>7.9</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-48578">CVE-2026-48578</a></td> <td>7.9</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Online</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-48579">CVE-2026-48579</a></td> <td>9.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-48583">CVE-2026-48583</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>HTTP/2</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-49160">CVE-2026-49160</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft PC Manager</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-49161">CVE-2026-49161</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows BitLocker</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-50507">CVE-2026-50507</a></td> <td>6.8</td> <td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NTLM</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-50508">CVE-2026-50508</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NTLM</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-50656">CVE-2026-50656</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A :H/E:F/RL:U/RC:C</td> <td>Exploitation More Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="we-are-republishing-495-non-microsoft-cves-chrome-cves-not-listed">We are republishing 495 non-Microsoft CVEs (Chrome CVEs not listed):</h2> <table> <thead> <tr> <th>CNA</th> <th>Tag</th> <th>CVE</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>Arm Limited</td> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-10263">CVE-2025-10263</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>CERT/CC</td> <td>Windows UEFI</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-8863">CVE-2026-8863</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2> <table> <thead> <tr> <th>Date</th> <th>Blog Post</th> </tr> </thead> <tbody> <tr> <td>October 31, 2025</td> <td><a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/introducing-new-features-improved-security-experience">You asked, we delivered: Introducing new features for an improved security experience</a></td> </tr> <tr> <td>October 28, 2025</td> <td><a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/understanding-cve-2025-55315">Understanding CVE-2025-55315: What CISOs, security engineers, and sysadmins should know</a></td> </tr> <tr> <td>October 22, 2025</td> <td><a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">Toward greater transparency: Introducing machine-readable Vulnerability Exploitability Xchange (VEX) for Azure Linux and beyond</a></td> </tr> <tr> <td>November 12, 2024</td> <td><a href="https://aka.ms/MSRC-CSAF-Blog">Toward greater transparency: Publishing machine-readable CSAF files</a></td> </tr> <tr> <td>June 27, 2024</td> <td><a href="https://msrc.microsoft.com/blog/2024/06/toward-greater-transparency-unveiling-cloud-service-cves/">Toward greater transparency: Unveiling Cloud Service CVEs</a></td> </tr> <tr> <td>April 9, 2024</td> <td><a href="https://aka.ms/MSRC-CWE-Blog">Toward greater transparency: Security Update Guide now shares CWEs for CVEs</a></td> </tr> <tr> <td>January 6, 2023</td> <td><a href="https://msrc.microsoft.com/blog/2023/01/publishing-cbl-mariner-cves-on-the-security-update-guide-cvrf-api/">Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API</a></td> </tr> <tr> <td>January 11, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td> </tr> <tr> <td>February 9, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td> </tr> <tr> <td>January 13, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td> </tr> <tr> <td>December 8, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td> </tr> <tr> <td>November 9, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td> </tr> </tbody> </table> <h2 id="relevant-resources">Relevant Resources</h2> <ul> <li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li> <li>Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li> <li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li> <li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> <li>Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li> </ul> <h2 id="known-issues">Known Issues</h2> <p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p> <p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p> <table> <thead> <tr> <th>KB Article</th> <th>Applies To</th> </tr> </thead> <tbody> <tr> <td><a href="https://support.microsoft.com/help/5094125">5094125</a></td> <td>Windows Server 2025</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5094127">5094127</a></td> <td>Windows 10, version 21H2, Windows 10, version 22H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5094128">5094128</a></td> <td>Windows Server 2022</td> </tr> </tbody> </table> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows Server 2025 (Server Core installation) Windows 11 Version 25H2 for ARM64-based Systems Windows 11 Version 25H2 for x64-based Systems Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 24H2 for x64-based Systems Windows Server 2025 Windows 11 version 26H1 for x64-based Systems Windows 11 Version 26H1 for ARM64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows App Client for Windows Desktop Remote Desktop client for Windows Desktop Windows Server, version 2004 (Server Core installation) Windows Narrator Braille Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Microsoft Exchange Server 2019 Cumulative Update 14 Microsoft Exchange Server 2019 Cumulative Update 15 Microsoft Exchange Server 2016 Cumulative Update 23 Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019 Microsoft SharePoint Server Subscription Edition Microsoft Office 365 for Mac Office Online Server Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office LTSC 2024 for 32-bit editions Microsoft Office LTSC 2024 for 64-bit editions Microsoft Office LTSC for Mac 2024 Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Office for Android Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Excel for Android Microsoft PowerPoint for Android Microsoft Teams for Android Copilot Chat (Microsoft Edge) Microsoft Edge (Chromium-based) Microsoft Graph Azure Kubernetes Service Azure Stack Edge Azure HorizonDB Microsoft PowerToys Microsoft Word for Android Microsoft Bing Search for Android Microsoft PC Manager Microsoft 365 Copilot .NET 10.0 installed on Windows .NET 8.0 installed on Windows .NET 9.0 installed on Windows .NET 10.0 installed on Mac OS .NET 10.0 installed on Linux .NET 8.0 .NET 8.0 installed on Linux .NET 8.0 installed on Mac OS .NET 9.0 installed on Linux .NET 9.0 installed on Mac OS Visual Studio Code Visual Studio Code - MSSQL Extension Microsoft Visual Studio Code CoPilot Chat Extension Microsoft Visual Studio 2026 version 18.6 ASP.NET Core 10.0 ASP.NET Core 8.0 ASP.NET Core 9.0 Microsoft Live Share Canvas SDK Microsoft Exchange Server Subscription Edition RTM Microsoft Exchange Online Nuance PowerScribe 360 version 4.0.5 Nuance PowerScribe 360 version 4.0.6 Nuance PowerScribe 360 version 4.0.7 Nuance PowerScribe 360 version 4.0.8 Nuance PowerScribe 360 version 4.0.9 Nuance PowerScribe One version 2019.1 Nuance PowerScribe One version 2019.2 Nuance PowerScribe One version 2019.3 Nuance PowerScribe 360 4.0 Nuance PowerScribe 360 version 4.0.1 Nuance PowerScribe 360 version 4.0.2 Nuance PowerScribe 360 version 4.0.3 Nuance PowerScribe 360 version 4.0.4 Nuance PowerScribe One version 2019.4 Nuance PowerScribe One version 2019.5 Nuance PowerScribe One version 2019.6 Nuance PowerScribe One version 2019.7 Nuance PowerScribe One version 2019.8 Nuance PowerScribe One version 2019.9 Nuance PowerScribe One version 2019.10 PowerScribe One version 2023.1 SP2 Patch 11 PowerScribe One version 2023.1 SP3 Patch 6 Linux kernel - Microsoft MANA Network Driver Microsoft Dynamics 365 (on-premises) version 9.1 Microsoft Defender for Endpoint for Mac Microsoft Malware Protection Engine azl3 kernel 6.6.139.1-1 on Azure Linux 3.0 azl3 tensorflow 2.16.1-11 on Azure Linux 3.0 azl3 golang 1.25.10-1 on Azure Linux 3.0 azl3 golang 1.26.3-1 on Azure Linux 3.0 azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0 azl3 expat 2.6.4-6 on Azure Linux 3.0 azl3 cmake 3.30.3-13 on Azure Linux 3.0 azl3 python3 3.12.9-11 on Azure Linux 3.0 azl3 containerd2 2.2.4-2 on Azure Linux 3.0 azl3 kata-containers 3.19.1.kata3-4 on Azure Linux 3.0 azl3 kata-containers-cc 3.15.0.aks0-12 on Azure Linux 3.0 azl3 kubernetes 1.30.10-25 on Azure Linux 3.0 azl3 kubevirt 1.7.1-7 on Azure Linux 3.0 azl3 moby-containerd-cc 1.7.7-13 on Azure Linux 3.0 azl3 moby-engine 25.0.3-18 on Azure Linux 3.0 azl3 runc 1.3.3-1 on Azure Linux 3.0 azl3 ntopng 5.2.1-6 on Azure Linux 3.0 azl3 rrdtool 1.8.0-2 on Azure Linux 3.0 azl3 cereal 1.3.2-1 on Azure Linux 3.0 azl3 nginx 1.28.3-4 on Azure Linux 3.0 azl3 httpd 2.4.67-1 on Azure Linux 3.0 azl3 libpng 1.6.58-1 on Azure Linux 3.0 azl3 perl-DBI 1.643-3 on Azure Linux 3.0 azl3 xorg-x11-server-Xwayland 24.1.6-4 on Azure Linux 3.0 azl3 sqlite 3.44.0-3 on Azure Linux 3.0 azl3 snappy 1.1.10-2 on Azure Linux 3.0 azl3 vim 9.2.0488-1 on Azure Linux 3.0 azl3 openssl 3.3.7-1 on Azure Linux 3.0 azl3 cloud-hypervisor 51.1.56-1 on Azure Linux 3.0 azl3 edk2 20240524git3e722403cd16-17 on Azure Linux 3.0 azl3 nodejs 24.14.1-3 on Azure Linux 3.0 azl3 qemu 9.1.0-7 on Azure Linux 3.0 azl3 rust 1.75.0-29 on Azure Linux 3.0 azl3 rust 1.90.0-8 on Azure Linux 3.0 azl3 python-virtualenv 20.36.1-4 on Azure Linux 3.0 azl3 python-pip 24.2-8 on Azure Linux 3.0 azl3 freeipmi 1.6.17-1 on Azure Linux 3.0 azl3 opensc 0.27.1-1 on Azure Linux 3.0 azl3 libinput 1.25.0-1 on Azure Linux 3.0 azl3 frr 10.5.4-1 on Azure Linux 3.0 azl3 gnutls 3.8.3-11 on Azure Linux 3.0 azl3 perl-HTML-Parser 3.82-1 on Azure Linux 3.0 azl3 elixir 1.16.1-1 on Azure Linux 3.0 azl3 lldpd 1.0.17-2 on Azure Linux 3.0 azl3 ldns 1.8.3-2 on Azure Linux 3.0 azl3 openssl 3.3.5-5 on Azure Linux 3.0 azl3 shim-unsigned-aarch64 16.1-2 on Azure Linux 3.0 azl3 shim-unsigned-x64 16.1-2 on Azure Linux 3.0 azl3 opentelemetry-cpp 1.14.2-2 on Azure Linux 3.0 azl3 gd 2.3.3-4 on Azure Linux 3.0 azl3 gcc 13.2.0-7 on Azure Linux 3.0 azl3 libcontainers-common 20240213-3 on Azure Linux 3.0 azl3 qtbase 6.6.3-4 on Azure Linux 3.0 azl3 ansible 2.17.11-1 on Azure Linux 3.0 azl3 pam 1.5.3-5 on Azure Linux 3.0 Microsoft Exchange Online Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Windows Server 2016 Office Online Server Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) Microsoft SharePoint Enterprise Server 2016 Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft SharePoint Server 2019 Visual Studio Code Microsoft Edge (Chromium-based) Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Windows Server, version 2004 (Server Core installation) Microsoft Bing Search for Android Microsoft Word for Android Remote Desktop client for Windows Desktop Azure Kubernetes Service Microsoft Malware Protection Engine Microsoft Dynamics 365 (on-premises) version 9.1 Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft SharePoint Server Subscription Edition Microsoft Teams for Android Microsoft Defender for Endpoint for Mac Microsoft Excel for Android Microsoft PowerPoint for Android Microsoft Exchange Server 2016 Cumulative Update 23 Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Azure Stack Edge Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Microsoft Office for Android Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems ASP.NET Core 8.0 .NET 8.0 Microsoft Exchange Server 2019 Cumulative Update 14 Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 24H2 for x64-based Systems .NET 8.0 installed on Windows .NET 8.0 installed on Linux .NET 8.0 installed on Mac OS Microsoft Office LTSC 2024 for 32-bit editions Microsoft Office LTSC 2024 for 64-bit editions .NET 9.0 installed on Linux .NET 9.0 installed on Mac OS .NET 9.0 installed on Windows Windows Server 2025 Windows Server 2025 (Server Core installation) Microsoft Office LTSC for Mac 2024 Microsoft PC Manager Windows App Client for Windows Desktop Microsoft Exchange Server 2019 Cumulative Update 15 ASP.NET Core 9.0 Nuance PowerScribe 360 4.0 Microsoft 365 Copilot Microsoft Visual Studio Code CoPilot Chat Extension Microsoft Exchange Server Subscription Edition RTM azl3 libcontainers-common 20240213-3 on Azure Linux 3.0 azl3 gcc 13.2.0-7 on Azure Linux 3.0 azl3 ansible 2.17.11-1 on Azure Linux 3.0 azl3 qtbase 6.6.3-4 on Azure Linux 3.0 azl3 pam 1.5.3-5 on Azure Linux 3.0 azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0 azl3 perl-DBI 1.643-3 on Azure Linux 3.0 azl3 snappy 1.1.10-2 on Azure Linux 3.0 Windows 11 Version 25H2 for ARM64-based Systems Windows 11 Version 25H2 for x64-based Systems Nuance PowerScribe 360 version 4.0.1 Nuance PowerScribe 360 version 4.0.2 Nuance PowerScribe 360 version 4.0.3 Nuance PowerScribe 360 version 4.0.4 Nuance PowerScribe 360 version 4.0.5 Nuance PowerScribe 360 version 4.0.6 Nuance PowerScribe 360 version 4.0.7 Nuance PowerScribe 360 version 4.0.8 Nuance PowerScribe 360 version 4.0.9 Nuance PowerScribe One version 2019.1 Nuance PowerScribe One version 2019.2 Nuance PowerScribe One version 2019.3 Nuance PowerScribe One version 2019.4 Nuance PowerScribe One version 2019.5 Nuance PowerScribe One version 2019.6 Nuance PowerScribe One version 2019.7 Nuance PowerScribe One version 2019.8 Nuance PowerScribe One version 2019.9 Nuance PowerScribe One version 2019.10 azl3 runc 1.3.3-1 on Azure Linux 3.0 azl3 ntopng 5.2.1-6 on Azure Linux 3.0 .NET 10.0 installed on Windows .NET 10.0 installed on Mac OS .NET 10.0 installed on Linux Windows 11 version 26H1 for x64-based Systems Windows 11 Version 26H1 for ARM64-based Systems ASP.NET Core 10.0 azl3 tensorflow 2.16.1-11 on Azure Linux 3.0 azl3 cmake 3.30.3-13 on Azure Linux 3.0 azl3 libinput 1.25.0-1 on Azure Linux 3.0 azl3 opensc 0.27.1-1 on Azure Linux 3.0 azl3 cloud-hypervisor 51.1.56-1 on Azure Linux 3.0 azl3 openssl 3.3.5-5 on Azure Linux 3.0 azl3 shim-unsigned-aarch64 16.1-2 on Azure Linux 3.0 azl3 shim-unsigned-x64 16.1-2 on Azure Linux 3.0 azl3 expat 2.6.4-6 on Azure Linux 3.0 Copilot Chat (Microsoft Edge) azl3 xorg-x11-server-Xwayland 24.1.6-4 on Azure Linux 3.0 azl3 kernel 6.6.139.1-1 on Azure Linux 3.0 Visual Studio Code - MSSQL Extension Microsoft PowerToys Linux kernel - Microsoft MANA Network Driver Microsoft Office 365 for Mac azl3 nodejs 24.14.1-3 on Azure Linux 3.0 Microsoft Live Share Canvas SDK Azure HorizonDB Microsoft Graph PowerScribe One version 2023.1 SP2 Patch 11 PowerScribe One version 2023.1 SP3 Patch 6 azl3 kubernetes 1.30.10-25 on Azure Linux 3.0 azl3 python3 3.12.9-11 on Azure Linux 3.0 azl3 qemu 9.1.0-7 on Azure Linux 3.0 azl3 python-pip 24.2-8 on Azure Linux 3.0 azl3 python-virtualenv 20.36.1-4 on Azure Linux 3.0 azl3 gnutls 3.8.3-11 on Azure Linux 3.0 azl3 kata-containers-cc 3.15.0.aks0-12 on Azure Linux 3.0 azl3 rust 1.75.0-29 on Azure Linux 3.0 azl3 containerd2 2.2.4-2 on Azure Linux 3.0 azl3 golang 1.25.10-1 on Azure Linux 3.0 azl3 frr 10.5.4-1 on Azure Linux 3.0 azl3 moby-engine 25.0.3-18 on Azure Linux 3.0 azl3 kata-containers 3.19.1.kata3-4 on Azure Linux 3.0 azl3 kubevirt 1.7.1-7 on Azure Linux 3.0 azl3 libpng 1.6.58-1 on Azure Linux 3.0 azl3 golang 1.26.3-1 on Azure Linux 3.0 azl3 rust 1.90.0-8 on Azure Linux 3.0 azl3 moby-containerd-cc 1.7.7-13 on Azure Linux 3.0 azl3 freeipmi 1.6.17-1 on Azure Linux 3.0 Microsoft Visual Studio 2026 version 18.6 Windows Narrator Braille azl3 rrdtool 1.8.0-2 on Azure Linux 3.0 azl3 perl-HTML-Parser 3.82-1 on Azure Linux 3.0 azl3 cereal 1.3.2-1 on Azure Linux 3.0 azl3 httpd 2.4.67-1 on Azure Linux 3.0 azl3 elixir 1.16.1-1 on Azure Linux 3.0 azl3 lldpd 1.0.17-2 on Azure Linux 3.0 azl3 sqlite 3.44.0-3 on Azure Linux 3.0 azl3 ldns 1.8.3-2 on Azure Linux 3.0 azl3 nginx 1.28.3-4 on Azure Linux 3.0 azl3 vim 9.2.0488-1 on Azure Linux 3.0 azl3 edk2 20240524git3e722403cd16-17 on Azure Linux 3.0 azl3 opentelemetry-cpp 1.14.2-2 on Azure Linux 3.0 azl3 openssl 3.3.7-1 on Azure Linux 3.0 azl3 gd 2.3.3-4 on Azure Linux 3.0 Windows DNS Client Elevation of Privilege Vulnerability <p>Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Windows DNS Microsoft Yes CVE-2026-41108 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 WARP team at Microsoft 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Spoofing Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker must send the user a malicious link and convince the user to open it.</p> <p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p> <p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p> Microsoft Office SharePoint Microsoft Yes CVE-2026-45467 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 10950 11585 11961 Spoofing 10950 Spoofing 11585 Spoofing 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 10950 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11585 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11961 5002880 https://www.microsoft.com/en-us/download/details.aspx?id=108696 5002868 10950 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002880 10950 5002880 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 41ae55e9310ff27fa6f26af4727e5590 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Spoofing Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p> <p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p> <p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker must send the user a malicious link and convince the user to open it.</p> Microsoft Office SharePoint Microsoft Yes CVE-2026-45468 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 10950 11585 11961 Spoofing 10950 Spoofing 11585 Spoofing 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 10950 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11585 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11961 5002880 https://www.microsoft.com/en-us/download/details.aspx?id=108696 5002868 10950 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002880 10950 5002880 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 41ae55e9310ff27fa6f26af4727e5590 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> Microsoft Office Excel Microsoft Yes CVE-2026-45469 Integer Underflow (Wrap or Wraparound) Heap-based Buffer Overflow 21368 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 21368 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 21368 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 21368 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 5002875 https://www.microsoft.com/en-us/download/details.aspx?id=108691 5002871 10836 Maybe Security Update 16.0.10417.20137 https://support.microsoft.com/help/5002875 10836 5002875 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002877 https://www.microsoft.com/en-us/download/details.aspx?id=108687 5002865 10739 10740 Maybe Security Update 16.0.5556.1001 https://support.microsoft.com/help/5002877 10739 10740 5002877 <a href="https://x.com/lmksecurity">Jeongmin Choi</a> with <a href="https://s2w.inc/ko">S2W</a> Haein Lee with KAIST Hacking Lab 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Office Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> <p><strong>Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>Are the updates for the Microsoft Office for Android currently available?</strong></p> <p>The security update for Microsoft Office for Android is not immediately available. The update will be released as soon as possible. When it is available, customers will be notified via a revision to this CVE information.</p> Microsoft Office Microsoft Yes CVE-2026-45472 Use After Free 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10753 10754 12155 21368 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10753 Remote Code Execution 10754 Remote Code Execution 12155 Remote Code Execution 21368 Critical 11573 Critical 11574 Critical 11762 Critical 11763 Critical 11951 Critical 11952 Critical 11953 Critical 12420 Critical 12421 Critical 12440 Critical 10753 Critical 10754 Critical 12155 Critical 21368 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12155 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 21368 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002878 https://www.microsoft.com/en-us/download/details.aspx?id=108688 5002866 10753 10754 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002878 10753 10754 5002878 Anonymous 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Word Remote Code Execution Vulnerability <p>Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> Microsoft Office Word Microsoft Yes CVE-2026-45471 Untrusted Pointer Dereference 21368 10950 11585 11573 11574 11762 11763 11951 11952 11953 11961 12420 12421 12440 10746 10747 Remote Code Execution 21368 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 11961 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10746 Remote Code Execution 10747 Important 21368 Important 10950 Important 11585 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 11961 Important 12420 Important 12421 Important 12440 Important 10746 Important 10747 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 21368 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10746 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10747 5002880 https://www.microsoft.com/en-us/download/details.aspx?id=108696 5002868 10950 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002880 10950 5002880 5002881 https://www.microsoft.com/en-us/download/details.aspx?id=108697 5002869 10950 Maybe Security Update 16.0.5556.1002 https://support.microsoft.com/help/5002881 10950 5002881 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 5002876 https://www.microsoft.com/en-us/download/details.aspx?id=108693 5002872 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002876 11585 5002876 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 5002879 https://www.microsoft.com/en-us/download/details.aspx?id=108686 5002858 10746 10747 Maybe Security Update 16.0.5556.1000 https://support.microsoft.com/help/5002879 10746 10747 5002879 0ccbbf129444eb66344ccafb92b00df4 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Office Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> <p><strong>Are the updates for the Microsoft Office for Android currently available?</strong></p> <p>The security update for Microsoft Office for Android is not immediately available. The update will be released as soon as possible. When it is available, customers will be notified via a revision to this CVE information.</p> Microsoft Office Microsoft Yes CVE-2026-45474 Use After Free 21368 11573 11574 11762 11763 11951 11952 11953 12155 12420 12421 12440 10753 10754 Remote Code Execution 21368 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12155 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10753 Remote Code Execution 10754 Critical 21368 Critical 11573 Critical 11574 Critical 11762 Critical 11763 Critical 11951 Critical 11952 Critical 11953 Critical 12155 Critical 12420 Critical 12421 Critical 12440 Critical 10753 Critical 10754 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 21368 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12155 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002878 https://www.microsoft.com/en-us/download/details.aspx?id=108688 5002866 10753 10754 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002878 10753 10754 5002878 Anonymous 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Spoofing Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker must send the user a malicious link and convince the user to open it.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p> <p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p> <p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p> Microsoft Office SharePoint Microsoft Yes CVE-2026-45479 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 10950 11585 11961 Spoofing 10950 Spoofing 11585 Spoofing 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 10950 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11585 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11961 5002880 https://www.microsoft.com/en-us/download/details.aspx?id=108696 5002868 10950 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002880 10950 5002880 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 41ae55e9310ff27fa6f26af4727e5590 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Word Remote Code Execution Vulnerability <p>Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> Microsoft Office Word Microsoft Yes CVE-2026-45486 Use After Free 21368 11762 11763 11951 12440 Remote Code Execution 21368 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 12440 Important 21368 Important 11762 Important 11763 Important 11951 Important 12440 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 21368 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 Click to Run 11762 11763 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates 11762 11763 Click to Run 0ccbbf129444eb66344ccafb92b00df4 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Office Information Disclosure Vulnerability <p>Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> <p><strong>Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> Microsoft Office Microsoft Yes CVE-2026-45485 Out-of-bounds Read 21368 10950 11585 11573 11574 11762 11763 11951 11952 11953 11961 12420 12421 12440 10753 10754 Information Disclosure 21368 Information Disclosure 10950 Information Disclosure 11585 Information Disclosure 11573 Information Disclosure 11574 Information Disclosure 11762 Information Disclosure 11763 Information Disclosure 11951 Information Disclosure 11952 Information Disclosure 11953 Information Disclosure 11961 Information Disclosure 12420 Information Disclosure 12421 Information Disclosure 12440 Information Disclosure 10753 Information Disclosure 10754 Important 21368 Important 10950 Important 11585 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 11961 Important 12420 Important 12421 Important 12440 Important 10753 Important 10754 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 21368 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10950 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11585 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11573 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11574 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11762 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11763 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11951 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11952 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11953 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11961 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12420 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12421 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12440 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10753 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10754 5002880 https://www.microsoft.com/en-us/download/details.aspx?id=108696 5002868 10950 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002880 10950 5002880 5002881 https://www.microsoft.com/en-us/download/details.aspx?id=108697 5002869 10950 Maybe Security Update 16.0.5556.1002 https://support.microsoft.com/help/5002881 10950 5002881 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 5002876 https://www.microsoft.com/en-us/download/details.aspx?id=108693 5002872 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002876 11585 5002876 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 5002878 https://www.microsoft.com/en-us/download/details.aspx?id=108688 5002866 10753 10754 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002878 10753 10754 5002878 Haein Lee 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Office Project Server Spoofing Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker with guest privileges must send a victim a malicious site and convince them to open it.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Project Microsoft Yes CVE-2026-45483 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11961 10950 11585 Spoofing 11961 Spoofing 10950 Spoofing 11585 Important 11961 Important 10950 Important 11585 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11961 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 10950 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11585 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 5002880 https://www.microsoft.com/en-us/download/details.aspx?id=108696 5002868 10950 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002880 10950 5002880 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 41ae55e9310ff27fa6f26af4727e5590 1.0 2026-06-09T07:00:00 <p>Information published.</p> Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability <p>Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Copilot Chat (Microsoft Edge) Microsoft No CVE-2026-47644 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') 21290 Information Disclosure 21290 Critical 21290 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 21290 Jianyang Song 1.0 2026-06-04T07:00:00 <p>Information published.</p> Microsoft Graph Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Microsoft Graph Microsoft No CVE-2026-47655 Exposure of Sensitive Information to an Unauthorized Actor 21375 Information Disclosure 21375 Critical 21375 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 21375 Anonymous 1.0 2026-06-04T07:00:00 <p>Information published.</p> Chromium: CVE-2026-10984 Inappropriate implementation in Accessibility <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10984 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:57 <p>Information published.</p> Chromium: CVE-2026-11291 Policy bypass in Android Autofill <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11291 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:37 <p>Information published.</p> Chromium: CVE-2026-11178 Policy bypass in WebView <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11178 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:35 <p>Information published.</p> Chromium: CVE-2026-12012 Use after free  Network <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/search/label/Desktop%20Update">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.69</td> <td>06/15/2026</td> <td>149.0.7827.115</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-12012 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.69 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T07:00:31 <p>Information published.</p> Chromium: CVE-2026-12008 Use after free  DigitalCredentials <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/search/label/Desktop%20Update">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.69</td> <td>06/15/2026</td> <td>149.0.7827.115</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-12008 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.69 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T07:00:26 <p>Information published.</p> ARM: CVE-2025-10263 Completion of affected memory accesses might not be guaranteed by completion of a TLBI [kernel] <p>No cwe for this issue in Windows Kernel allows an unauthorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this issue by triggering a specific timing condition during a memory permission change, causing a memory write to be applied using outdated permissions. Under these conditions, a write from a lower‑privileged context could succeed even after access should have been restricted.</p> Windows Kernel Arm Limited Yes CVE-2025-10263 20854 11930 12098 20437 12242 12389 Elevation of Privilege 20854 Elevation of Privilege 11930 Elevation of Privilege 12098 Elevation of Privilege 20437 Elevation of Privilege 12242 Elevation of Privilege 12389 Critical 20854 Critical 11930 Critical 12098 Critical 20437 Critical 12242 Critical 12389 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.3 8.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 9.3 8.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.3 8.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.3 8.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 9.3 8.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 9.3 8.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20854 5095051 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11930 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11930 5094127 5094127 https://support.microsoft.com/help/5094127 11930 12098 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12098 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12098 5094127 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 5094126 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Universal Disk Format File System Driver (UDFS) Microsoft Yes CVE-2026-40409 Numeric Truncation Error 11568 11571 11923 11569 11572 11924 11929 11931 12097 11930 20437 12437 12098 12099 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11571 Elevation of Privilege 11923 Elevation of Privilege 11569 Elevation of Privilege 11572 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 11930 Elevation of Privilege 20437 Elevation of Privilege 12437 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11571 Important 11923 Important 11569 Important 11572 Important 11924 Important 11929 Important 11931 Important 12097 Important 11930 Important 20437 Important 12437 Important 12098 Important 12099 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11571 11569 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11571 11569 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11931 11930 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11931 11930 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11931 12097 11930 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 Thanatos Tian (PolyU) of Diffract R4nger with Kunlun Lab Zhiniang Peng with HUST @2st___ of Diffract 021w <a href="https://x.com/1nv0k3r_">1nv0k3r</a> and <a href="https://github.com/nothingonyoumoon">M00N</a> with BeFunLab 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Universal Disk Format File System Driver (UDFS) Microsoft Yes CVE-2026-40404 Heap-based Buffer Overflow Numeric Truncation Error 11924 11923 11930 11569 11568 11929 11572 11571 11931 12097 12098 12099 12437 20437 12243 12242 20438 12390 12389 20854 12436 20853 10816 10853 10852 10855 10379 10483 10543 10378 Elevation of Privilege 11924 Elevation of Privilege 11923 Elevation of Privilege 11930 Elevation of Privilege 11569 Elevation of Privilege 11568 Elevation of Privilege 11929 Elevation of Privilege 11572 Elevation of Privilege 11571 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 12243 Elevation of Privilege 12242 Elevation of Privilege 20438 Elevation of Privilege 12390 Elevation of Privilege 12389 Elevation of Privilege 20854 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 10816 Elevation of Privilege 10853 Elevation of Privilege 10852 Elevation of Privilege 10855 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Elevation of Privilege 10378 Important 11924 Important 11923 Important 11930 Important 11569 Important 11568 Important 11929 Important 11572 Important 11571 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 12243 Important 12242 Important 20438 Important 12390 Important 12389 Important 20854 Important 12436 Important 20853 Important 10816 Important 10853 Important 10852 Important 10855 Important 10379 Important 10483 Important 10543 Important 10378 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11924 11923 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11924 11923 5094128 5094128 https://support.microsoft.com/help/5094128 11924 11923 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11930 11929 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11930 11929 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11930 11929 11931 12097 12098 12099 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11569 11568 11572 11571 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11569 11568 11572 11571 5094123 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12243 12242 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12243 12242 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12390 12389 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12390 12389 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20854 20853 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20854 20853 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10816 10853 10852 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10816 10853 10852 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10379 10378 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10379 10378 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 R4nger with Kunlun Lab &amp; Zhiniang Peng with HUST 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Device Health Attestation (DHA) Elevation of Privilege Vulnerability <p>Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Azure Attestation service and Device Health Attestation Service Microsoft Yes CVE-2026-33828 Trust Boundary Violation 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 20437 Critical 20438 Critical 12242 Critical 12243 Critical 12389 Critical 12390 Critical 12436 Critical 20853 Critical 20854 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 Akash Trehan 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability <p>Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Ancillary Function Driver for WinSock Microsoft Yes CVE-2026-34335 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft PowerToys Elevation of Privilege Vulnerability <p>Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft PowerToys Microsoft Yes CVE-2026-42902 Improper Authorization 21354 Elevation of Privilege 21354 Important 21354 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 21354 Release Notes https://github.com/microsoft/PowerToys/releases/download/v0.99.1/PowerToysSetup-0.99.1-x64.exe 21354 No Security Update v0.99.1 https://github.com/microsoft/PowerToys/releases/tag/v0.99.1 21354 Release Notes s7331 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Excel Microsoft Yes CVE-2026-44817 Access of Resource Using Incompatible Type ('Type Confusion') 21368 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 21368 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 21368 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 21368 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 5002875 https://www.microsoft.com/en-us/download/details.aspx?id=108691 5002871 10836 Maybe Security Update 16.0.10417.20137 https://support.microsoft.com/help/5002875 10836 5002875 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002877 https://www.microsoft.com/en-us/download/details.aspx?id=108687 5002865 10739 10740 Maybe Security Update 16.0.5556.1001 https://support.microsoft.com/help/5002877 10739 10740 5002877 IceSword Lab and Vulnerability Research Institute 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Microsoft Office Excel Microsoft Yes CVE-2026-44818 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 21368 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 21368 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 21368 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 21368 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 5002875 https://www.microsoft.com/en-us/download/details.aspx?id=108691 5002871 10836 Maybe Security Update 16.0.10417.20137 https://support.microsoft.com/help/5002875 10836 5002875 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002877 https://www.microsoft.com/en-us/download/details.aspx?id=108687 5002865 10739 10740 Maybe Security Update 16.0.5556.1001 https://support.microsoft.com/help/5002877 10739 10740 5002877 <a href="https://x.com/dnpushme">f4 &amp; Zhiniang Peng with HUST</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Office Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> <p><strong>Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> Microsoft Office Microsoft Yes CVE-2026-44819 Heap-based Buffer Overflow 10950 11961 21368 11585 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10753 10754 Remote Code Execution 10950 Remote Code Execution 11961 Remote Code Execution 21368 Remote Code Execution 11585 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10753 Remote Code Execution 10754 Important 10950 Important 11961 Important 21368 Important 11585 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10753 Important 10754 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 21368 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 5002880 https://www.microsoft.com/en-us/download/details.aspx?id=108696 5002868 10950 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002880 10950 5002880 5002881 https://www.microsoft.com/en-us/download/details.aspx?id=108697 5002869 10950 Maybe Security Update 16.0.5556.1002 https://support.microsoft.com/help/5002881 10950 5002881 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 5002876 https://www.microsoft.com/en-us/download/details.aspx?id=108693 5002872 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002876 11585 5002876 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002878 https://www.microsoft.com/en-us/download/details.aspx?id=108688 5002866 10753 10754 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002878 10753 10754 5002878 Haein Lee with KAIST Hacking Lab <a href="https://x.com/lmksecurity">Jeongmin Choi</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> Microsoft Office Excel Microsoft Yes CVE-2026-44820 Out-of-bounds Read 21368 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 21368 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 21368 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 21368 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 5002875 https://www.microsoft.com/en-us/download/details.aspx?id=108691 5002871 10836 Maybe Security Update 16.0.10417.20137 https://support.microsoft.com/help/5002875 10836 5002875 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002877 https://www.microsoft.com/en-us/download/details.aspx?id=108687 5002865 10739 10740 Maybe Security Update 16.0.5556.1001 https://support.microsoft.com/help/5002877 10739 10740 5002877 <a href="https://x.com/dnpushme">f4 &amp; Zhiniang Peng with HUST</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Office Information Disclosure Vulnerability <p>Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> <p><strong>Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Microsoft Yes CVE-2026-44821 Out-of-bounds Read 11961 10950 21368 11585 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10753 10754 Information Disclosure 11961 Information Disclosure 10950 Information Disclosure 21368 Information Disclosure 11585 Information Disclosure 11573 Information Disclosure 11574 Information Disclosure 11762 Information Disclosure 11763 Information Disclosure 11951 Information Disclosure 11952 Information Disclosure 11953 Information Disclosure 12420 Information Disclosure 12421 Information Disclosure 12440 Information Disclosure 10753 Information Disclosure 10754 Important 11961 Important 10950 Important 21368 Important 11585 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10753 Important 10754 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11961 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10950 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 21368 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11585 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11573 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11574 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11762 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11763 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11951 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11952 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11953 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12420 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12421 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12440 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10753 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10754 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 5002880 https://www.microsoft.com/en-us/download/details.aspx?id=108696 5002868 10950 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002880 10950 5002880 5002881 https://www.microsoft.com/en-us/download/details.aspx?id=108697 5002869 10950 Maybe Security Update 16.0.5556.1002 https://support.microsoft.com/help/5002881 10950 5002881 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 5002876 https://www.microsoft.com/en-us/download/details.aspx?id=108693 5002872 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002876 11585 5002876 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002878 https://www.microsoft.com/en-us/download/details.aspx?id=108688 5002866 10753 10754 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002878 10753 10754 5002878 <a href="https://www.linkedin.com/in/haaeein">Haein Lee</a> with KAIST Hacking Lab Jeongmin Choi(https://x.com/lmksecurity) 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Excel Microsoft Yes CVE-2026-44823 Numeric Truncation Error Use After Free 21368 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 21368 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 21368 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 21368 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 5002875 https://www.microsoft.com/en-us/download/details.aspx?id=108691 5002871 10836 Maybe Security Update 16.0.10417.20137 https://support.microsoft.com/help/5002875 10836 5002875 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002877 https://www.microsoft.com/en-us/download/details.aspx?id=108687 5002865 10739 10740 Maybe Security Update 16.0.5556.1001 https://support.microsoft.com/help/5002877 10739 10740 5002877 <a href="https://x.com/lmksecurity">Jeongmin Choi</a> with <a href="https://s2w.inc/ko">S2W</a> 0ccbbf129444eb66344ccafb92b00df4 Haein Lee with KAIST Hacking Lab 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Office Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> <p><strong>Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Microsoft Yes CVE-2026-44824 Heap-based Buffer Overflow 21368 10950 11585 11573 11574 11762 11763 11951 11952 11953 11961 12420 12421 12440 10753 10754 Remote Code Execution 21368 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 11961 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10753 Remote Code Execution 10754 Important 21368 Important 10950 Important 11585 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 11961 Important 12420 Important 12421 Important 12440 Important 10753 Important 10754 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 21368 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 5002880 https://www.microsoft.com/en-us/download/details.aspx?id=108696 5002868 10950 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002880 10950 5002880 5002881 https://www.microsoft.com/en-us/download/details.aspx?id=108697 5002869 10950 Maybe Security Update 16.0.5556.1002 https://support.microsoft.com/help/5002881 10950 5002881 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 5002876 https://www.microsoft.com/en-us/download/details.aspx?id=108693 5002872 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002876 11585 5002876 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 5002878 https://www.microsoft.com/en-us/download/details.aspx?id=108688 5002866 10753 10754 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002878 10753 10754 5002878 0ccbbf129444eb66344ccafb92b00df4 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Spoofing Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p> <p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p> Microsoft Office SharePoint Microsoft Yes CVE-2026-45453 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 10950 11585 11961 Spoofing 10950 Spoofing 11585 Spoofing 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 10950 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11585 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11961 5002880 https://www.microsoft.com/en-us/download/details.aspx?id=108696 5002868 10950 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002880 10950 5002880 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Outlook and Word Remote Code Execution Vulnerability <p>Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> <p><strong>Why is Microsoft Word listed in the Security Updates table but the title indicates that Outlook is affected?</strong></p> <p>This vulnerability can be exploited when rendering email in Outlook (classic). The rendering of email in Outlook (classic) uses Microsoft Word functionality. The vulnerability is in the Word functionality and is exploitable through Outlook (classic).</p> <p><strong>Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> Microsoft Office Microsoft Yes CVE-2026-45456 Access of Resource Using Incompatible Type ('Type Confusion') 21368 10950 11585 11573 11574 11762 11763 11951 11952 11953 11961 12420 12421 12440 10746 10747 Remote Code Execution 21368 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 11961 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10746 Remote Code Execution 10747 Critical 21368 Critical 10950 Critical 11585 Critical 11573 Critical 11574 Critical 11762 Critical 11763 Critical 11951 Critical 11952 Critical 11953 Critical 11961 Critical 12420 Critical 12421 Critical 12440 Critical 10746 Critical 10747 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 21368 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10746 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10747 5002880 https://www.microsoft.com/en-us/download/details.aspx?id=108696 5002868 10950 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002880 10950 5002880 5002881 https://www.microsoft.com/en-us/download/details.aspx?id=108697 5002869 10950 Maybe Security Update 16.0.5556.1002 https://support.microsoft.com/help/5002881 10950 5002881 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 5002876 https://www.microsoft.com/en-us/download/details.aspx?id=108693 5002872 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002876 11585 5002876 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 5002879 https://www.microsoft.com/en-us/download/details.aspx?id=108686 5002858 10746 10747 Maybe Security Update 16.0.5556.1000 https://support.microsoft.com/help/5002879 10746 10747 5002879 tiebuchen 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Outlook and Word Remote Code Execution Vulnerability <p>Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> <p><strong>Why is Microsoft Word listed in the Security Updates table but the title indicates that Outlook is affected?</strong></p> <p>This vulnerability can be exploited when rendering email in Outlook (classic). The rendering of email in Outlook (classic) uses Microsoft Word functionality. The vulnerability is in the Word functionality and is exploitable through Outlook (classic).</p> <p><strong>Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> Microsoft Office Microsoft Yes CVE-2026-45458 Use After Free 21368 10950 11585 11573 11574 11762 11763 11951 11952 11953 11961 12420 12421 12440 10746 10747 Remote Code Execution 21368 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 11961 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10746 Remote Code Execution 10747 Critical 21368 Critical 10950 Critical 11585 Critical 11573 Critical 11574 Critical 11762 Critical 11763 Critical 11951 Critical 11952 Critical 11953 Critical 11961 Critical 12420 Critical 12421 Critical 12440 Critical 10746 Critical 10747 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 21368 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10746 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10747 5002880 https://www.microsoft.com/en-us/download/details.aspx?id=108696 5002868 10950 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002880 10950 5002880 5002881 https://www.microsoft.com/en-us/download/details.aspx?id=108697 5002869 10950 Maybe Security Update 16.0.5556.1002 https://support.microsoft.com/help/5002881 10950 5002881 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 5002876 https://www.microsoft.com/en-us/download/details.aspx?id=108693 5002872 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002876 11585 5002876 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 5002879 https://www.microsoft.com/en-us/download/details.aspx?id=108686 5002858 10746 10747 Maybe Security Update 16.0.5556.1000 https://support.microsoft.com/help/5002879 10746 10747 5002879 Jonghoi Kim, Donghyun Oh with kloy 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Office Information Disclosure Vulnerability <p>Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.</p> <p><strong>Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> <p><strong>Are the updates for the Microsoft Office for Android currently available?</strong></p> <p>The security update for Microsoft Office for Android is not immediately available. The update will be released as soon as possible. When it is available, customers will be notified via a revision to this CVE information.</p> Microsoft Office Microsoft Yes CVE-2026-45460 Buffer Over-read 12155 21368 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 Information Disclosure 12155 Information Disclosure 21368 Information Disclosure 11573 Information Disclosure 11574 Information Disclosure 11762 Information Disclosure 11763 Information Disclosure 11951 Information Disclosure 11952 Information Disclosure 11953 Information Disclosure 12420 Information Disclosure 12421 Information Disclosure 12440 Critical 12155 Critical 21368 Critical 11573 Critical 11574 Critical 11762 Critical 11763 Critical 11951 Critical 11952 Critical 11953 Critical 12420 Critical 12421 Critical 12440 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12155 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 21368 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11573 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11574 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11762 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11763 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11951 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11952 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11953 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12420 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12421 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12440 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 0ccbbf129444eb66344ccafb92b00df4 <a href="https://x.com/fluddsec">FluddSec</a> with <a href="https://runiclabs.io/">RunicLabs</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Office Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> <p><strong>Are the updates for the Microsoft Office for Android currently available?</strong></p> <p>The security update for Microsoft Office for Android is not immediately available. The update will be released as soon as possible. When it is available, customers will be notified via a revision to this CVE information.</p> Microsoft Office Microsoft Yes CVE-2026-45461 Use After Free 12155 21368 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10753 10754 Remote Code Execution 12155 Remote Code Execution 21368 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10753 Remote Code Execution 10754 Critical 12155 Critical 21368 Critical 11573 Critical 11574 Critical 11762 Critical 11763 Critical 11951 Critical 11952 Critical 11953 Critical 12420 Critical 12421 Critical 12440 Critical 10753 Critical 10754 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12155 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 21368 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002878 https://www.microsoft.com/en-us/download/details.aspx?id=108688 5002866 10753 10754 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002878 10753 10754 5002878 Anonymous 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Word Information Disclosure Vulnerability <p>Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> <p><strong>Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Word Microsoft Yes CVE-2026-45466 Heap-based Buffer Overflow 11762 11763 11951 11952 11953 12420 12421 12440 21368 Information Disclosure 11762 Information Disclosure 11763 Information Disclosure 11951 Information Disclosure 11952 Information Disclosure 11953 Information Disclosure 12420 Information Disclosure 12421 Information Disclosure 12440 Information Disclosure 21368 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 21368 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11762 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11763 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11951 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11952 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11953 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12420 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12421 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12440 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 21368 Click to Run 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates 11762 11763 11952 11953 12420 12421 Click to Run 0ccbbf129444eb66344ccafb92b00df4 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Program Compatibility Assistant Service Elevation of Privilege Vulnerability <p>Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Program Compatibility Assistant Service Microsoft Yes CVE-2026-45487 Time-of-check Time-of-use (TOCTOU) Race Condition 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 Ariel Terry 1.0 2026-06-09T07:00:00 <p>Information published.</p> .NET SDK Elevation of Privilege Vulnerability <p>Improper authorization in .NET allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> .NET Microsoft Yes CVE-2026-45490 Improper Authorization 20837 12414 12434 Elevation of Privilege 20837 Elevation of Privilege 12414 Elevation of Privilege 12434 Important 20837 Important 12414 Important 12434 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20837 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12414 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12434 5097148 https://dotnet.microsoft.com/download/dotnet/10.0 20837 Maybe Security Update 10.0.9 https://support.microsoft.com/help/5097148 20837 5097148 5097149 https://dotnet.microsoft.com/download/dotnet/8.0 12414 Maybe Security Update 8.0.28 https://support.microsoft.com/help/5097149 12414 5097149 5097150 https://dotnet.microsoft.com/download/dotnet/9.0 12434 Maybe Security Update 9.0.17 https://support.microsoft.com/help/5097150 12434 5097150 Ky0toFu 41ae55e9310ff27fa6f26af4727e5590 1.0 2026-06-09T07:00:00 <p>Information published.</p> .NET Tampering Vulnerability <p>Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally.</p> .NET Microsoft Yes CVE-2026-45491 Improper Link Resolution Before File Access ('Link Following') 20837 20838 20839 12260 12414 12415 12416 12432 12433 12434 Tampering 20837 Tampering 20838 Tampering 20839 Tampering 12260 Tampering 12414 Tampering 12415 Tampering 12416 Tampering 12432 Tampering 12433 Tampering 12434 Important 20837 Important 20838 Important 20839 Important 12260 Important 12414 Important 12415 Important 12416 Important 12432 Important 12433 Important 12434 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 20837 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 20838 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 20839 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12260 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12414 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12415 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12416 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12432 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12433 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12434 5097148 https://dotnet.microsoft.com/download/dotnet/10.0 20837 20838 20839 Maybe Security Update 10.0.9 https://support.microsoft.com/help/5097148 20837 20838 20839 5097148 5097149 https://dotnet.microsoft.com/download/dotnet/8.0 12260 12414 12415 12416 Maybe Security Update 8.0.28 https://support.microsoft.com/help/5097149 12260 12414 12415 12416 5097149 5097150 https://dotnet.microsoft.com/download/dotnet/9.0 12432 12433 12434 Maybe Security Update 9.0.17 https://support.microsoft.com/help/5097150 12432 12433 12434 5097150 Anonymous <a href="https://www.linkedin.com/in/ashmitsh4rma/">Ashmit Sharma</a> <a href="https://www.linkedin.com/in/ashmitsh4rma/">Ashmit Sharma</a> <a href="https://x.com/ky0tofu">Ky0toFu</a> <a href="https://x.com/ky0tofu">Ky0toFu</a> phrolo7a 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Exchange Server Spoofing Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>User interaction in the Exchange Control Panel (ECP) is required to exploit this vulnerability.</p> Microsoft Exchange Server Microsoft Yes CVE-2026-45500 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 12293 16792 12502 12039 Spoofing 12293 Spoofing 16792 Spoofing 12502 Spoofing 12039 Important 12293 Important 16792 Important 12502 Important 12039 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 12293 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 16792 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 12502 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 12039 5094142 5066368 12293 Yes Security Update 15.02.1544.041 https://support.microsoft.com/help/5094142 12293 5094142 5094139 https://www.microsoft.com/en-us/download/details.aspx?id=108698 5066366 16792 Yes Security Update 15.02.2562.043 https://support.microsoft.com/help/5094139 16792 5094139 5094140 5066367 12502 Yes Security Update 15.02.1748.046 https://support.microsoft.com/help/5094140 12502 5094140 5094144 5066369 12039 Yes Security Update 15.01.2507.069 https://support.microsoft.com/help/5094144 12039 5094144 P1hcn <a href="https://smlijun.github.io/">DongJun Kim</a> with UIUC 41ae55e9310ff27fa6f26af4727e5590 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Exchange Server Spoofing Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.</p> Microsoft Exchange Server Microsoft Yes CVE-2026-45501 Server-Side Request Forgery (SSRF) 16792 12039 12502 12293 Spoofing 16792 Spoofing 12039 Spoofing 12502 Spoofing 12293 Important 16792 Important 12039 Important 12502 Important 12293 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 16792 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12039 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12502 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12293 5094139 https://www.microsoft.com/en-us/download/details.aspx?id=108698 5066366 16792 Yes Security Update 15.02.2562.043 https://support.microsoft.com/help/5094139 16792 5094139 5094144 5066369 12039 Yes Security Update 15.01.2507.069 https://support.microsoft.com/help/5094144 12039 5094144 5094140 5066367 12502 Yes Security Update 15.02.1748.046 https://support.microsoft.com/help/5094140 12502 5094140 5094142 5066368 12293 Yes Security Update 15.02.1544.041 https://support.microsoft.com/help/5094142 12293 5094142 MARIOS GYFTOS <a href="https://smlijun.github.io/">DongJun Kim (smlijun)</a> with UIUC Hwiwon Lee (hwiwonl) with UIUC Jongseong Kim (nevul37) with UIUC <a href="https://www.linkedin.com/in/talha--gunay/">TALHA G&#220;NAY</a> Younggi Park (grill66) with UIUC <a href="https://www.linkedin.com/in/artemy-tsetsersky/">Artemy Tsetsersky</a> with <a href="https://www.angarasecurity.ru/">Angara Security</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Exchange Server Information Disclosure Vulnerability <p>Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>If successfully exploited, this vulnerability could allow an authenticated user to learn information about internal or external network services that the Exchange server can reach, such as whether a service exists and how it responds. In some cases, error details returned by the server may reveal network addresses, connection status, or limited response data from those services.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, the Exchange server could be used to interact with other internal systems or services that are outside the normal security boundary of Exchange, potentially exposing information about those separate systems.</p> Microsoft Exchange Server Microsoft Yes CVE-2026-45502 Server-Side Request Forgery (SSRF) 12293 12502 12039 16792 Information Disclosure 12293 Information Disclosure 12502 Information Disclosure 12039 Information Disclosure 16792 Important 12293 Important 12502 Important 12039 Important 16792 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 5.0 4.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C 12293 5.0 4.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C 12502 5.0 4.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C 12039 5.0 4.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C 16792 5094142 5066368 12293 Yes Security Update 15.02.1544.041 https://support.microsoft.com/help/5094142 12293 5094142 5094140 5066367 12502 Yes Security Update 15.02.1748.046 https://support.microsoft.com/help/5094140 12502 5094140 5094144 5066369 12039 Yes Security Update 15.01.2507.069 https://support.microsoft.com/help/5094144 12039 5094144 5094139 https://www.microsoft.com/en-us/download/details.aspx?id=108698 5066366 16792 Yes Security Update 15.02.2562.043 https://support.microsoft.com/help/5094139 16792 5094139 <a href="https://smlijun.github.io/">DongJun Kim (smlijun)</a> with UIUC Hwiwon Lee (hwiwonl) with UIUC Jongseong Kim (nevul37) with UIUC Younggi Park (grill66) with UIUC <a href="https://www.linkedin.com/in/talha--gunay/">TALHA G&#220;NAY</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Exchange Server Information Disclosure Vulnerability <p>Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated Outlook Web App user could exploit this issue by reusing a valid access token issued to their own mailbox to access attachments stored in another user’s mailbox within the same Exchange organization, without authorization.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker could gain unauthorized access to email attachments stored in other users’ mailboxes within the same organization, which may include documents, images, or other files attached to emails.</p> Microsoft Exchange Server Microsoft Yes CVE-2026-45503 Improper Authorization 12039 16792 12502 12293 Information Disclosure 12039 Information Disclosure 16792 Information Disclosure 12502 Information Disclosure 12293 Important 12039 Important 16792 Important 12502 Important 12293 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12039 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 16792 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12502 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12293 5094144 5066369 12039 Yes Security Update 15.01.2507.069 https://support.microsoft.com/help/5094144 12039 5094144 5094139 https://www.microsoft.com/en-us/download/details.aspx?id=108698 5066366 16792 Yes Security Update 15.02.2562.043 https://support.microsoft.com/help/5094139 16792 5094139 5094140 5066367 12502 Yes Security Update 15.02.1748.046 https://support.microsoft.com/help/5094140 12502 5094140 5094142 5066368 12293 Yes Security Update 15.02.1544.041 https://support.microsoft.com/help/5094142 12293 5094142 Anonymous Vaibhavi Kalgutkar with Microsoft 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Exchange Server Elevation of Privilege Vulnerability <p>Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker could gain elevated privileges beyond those normally available to them, allowing actions such as accessing restricted information or performing operations that are typically limited to more highly privileged users or administrators.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker with a low-privilege user account and an assigned mailbox, could exploit weaknesses in how Exchange validates requests and identity tokens to impersonate another user. By doing so, the attacker could then access mailboxes through Exchange services as if they were that user.</p> Microsoft Exchange Server Microsoft Yes CVE-2026-45504 Server-Side Request Forgery (SSRF) 16792 12502 12039 12293 Elevation of Privilege 16792 Elevation of Privilege 12502 Elevation of Privilege 12039 Elevation of Privilege 12293 Important 16792 Important 12502 Important 12039 Important 12293 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16792 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12502 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12293 5094139 https://www.microsoft.com/en-us/download/details.aspx?id=108698 5066366 16792 Yes Security Update 15.02.2562.043 https://support.microsoft.com/help/5094139 16792 5094139 5094140 5066367 12502 Yes Security Update 15.02.1748.046 https://support.microsoft.com/help/5094140 12502 5094140 5094144 5066369 12039 Yes Security Update 15.01.2507.069 https://support.microsoft.com/help/5094144 12039 5094144 5094142 5066368 12293 Yes Security Update 15.02.1544.041 https://support.microsoft.com/help/5094142 12293 5094142 MARIOS GYFTOS 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Exchange Server Remote Code Execution Vulnerability <p>Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does this mean for this vulnerability?</strong></p> <p>Exploitation depends on an attacker being able to place themselves in a machine‑in‑the‑middle position on the network during use of the affected script. Because this requires specific network conditions that are not commonly present, the vulnerability is more difficult to exploit than issues that can be triggered directly.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker who is able to intercept network traffic could interfere with the secure connection used by the Exchange migration script and inject malicious data. When the script is run during a hybrid migration, this could cause unintended commands to run on the on‑premises Exchange server with administrative permissions.</p> <p><strong>Is there anything to be done in addition to installing the June 2026 security updates for my Exchange Server?</strong></p> <p>Yes, Microsoft recommends that customers download and use the latest, fixed version of the Public Folder scripts. The versions of the Public Folder scripts included with Exchange Server are outdated and will be removed in a future update. Customers can download the latest version of the Public Folder scripts <a href="https://aka.ms/PublicFolderScripts">here</a>.</p> Microsoft Exchange Server Microsoft Yes CVE-2026-45583 Improper Control of Generation of Code ('Code Injection') 12039 12293 12502 16792 Remote Code Execution 12039 Remote Code Execution 12293 Remote Code Execution 12502 Remote Code Execution 16792 Important 12039 Important 12293 Important 12502 Important 16792 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12293 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12502 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16792 5094144 5066369 12039 Yes Security Update 15.01.2507.069 https://support.microsoft.com/help/5094144 12039 5094144 5094142 5066368 12293 Yes Security Update 15.02.1544.041 https://support.microsoft.com/help/5094142 12293 5094142 5094140 5066367 12502 Yes Security Update 15.02.1748.046 https://support.microsoft.com/help/5094140 12502 5094140 5094139 https://www.microsoft.com/en-us/download/details.aspx?id=108698 5066366 16792 Yes Security Update 15.02.2562.043 https://support.microsoft.com/help/5094139 16792 5094139 Anonymous 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Bluetooth Service Elevation of Privilege Vulnerability <p>Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain ELEVATED privileges, which may allow them to perform actions beyond their original permissions.</p> Windows Bluetooth Service Microsoft Yes CVE-2026-45605 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 hazard 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability <p>Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of process memory.</p> Windows RDP Microsoft Yes CVE-2026-45639 Out-of-bounds Read 12457 11568 11569 11571 11572 11849 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 12457 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11849 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 20437 Information Disclosure 20438 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 20853 Information Disclosure 20854 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 12457 Important 11568 Important 11569 Important 11571 Important 11572 Important 11849 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12457 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11849 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20854 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows 12457 Maybe Security Update 2.0.1193.0 https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows 12457 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 Release Notes https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew 11849 Maybe Security Update 1.2.7214.0 https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew 11849 Release Notes 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <a href="https://x.com/hareh4ru">Kyeongmin Kim (@hareh4ru)</a> with <a href="https://kaist-hacking.github.io/">KAIST Hacking Lab</a> pwn2addr 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Bluetooth Port Driver Elevation of Privilege Vulnerability <p>Use after free in Windows Bluetooth Port Driver allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Bluetooth Port Driver Microsoft Yes CVE-2026-45640 Use After Free 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 hazard 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft UxTheme Library (uxtheme.dll) Denial of Service Vulnerability <p>Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to deny service locally.</p> Microsoft UxTheme Library (uxtheme.dll) Microsoft Yes CVE-2026-45606 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 20437 Denial of Service 20438 Denial of Service 12242 Denial of Service 12243 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 20853 Denial of Service 20854 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20438 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20854 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <a href="https://x.com/heegong123">HeeChan Kim</a> of <a href="https://teamh4c.com">TeamH4C</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Hyper-V Remote Code Execution Vulnerability <p>Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>This vulnerability would require an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM which could result in remote code execution on the host server.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Windows Hyper-V Microsoft Yes CVE-2026-45607 Out-of-bounds Read 11569 11571 11572 11923 11924 11931 12097 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10853 10816 10855 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11931 Remote Code Execution 12097 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 20853 Remote Code Execution 20854 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11931 Critical 12097 Critical 12437 Critical 20437 Critical 20438 Critical 12242 Critical 12243 Critical 12389 Critical 12390 Critical 12436 Critical 20853 Critical 20854 Critical 10853 Critical 10816 Critical 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11931 12097 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10853 10816 10855 5094122 MORSE with Microsoft 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Hyper-V Remote Code Execution Vulnerability <p>Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>This vulnerability would require an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM which could result in remote code execution on the host server.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Role: Windows Hyper-V Microsoft Yes CVE-2026-45641 Access of Resource Using Incompatible Type ('Type Confusion') 11923 11924 11931 12097 12437 20438 12243 12390 12436 20853 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11931 Remote Code Execution 12097 Remote Code Execution 12437 Remote Code Execution 20438 Remote Code Execution 12243 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 20853 Critical 11923 Critical 11924 Critical 11931 Critical 12097 Critical 12437 Critical 20438 Critical 12243 Critical 12390 Critical 12436 Critical 20853 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11931 12097 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 5095051 MORSE with Microsoft 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows DHCP Client Information Disclosure Vulnerability <p>Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Successful exploitation could allow an attacker to read a limited amount of information from the affected system’s memory. This information would be restricted in scope and is not expected to expose large amounts of sensitive data.</p> Windows DHCP Server Microsoft Yes CVE-2026-45634 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 20437 Information Disclosure 20438 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 20853 Information Disclosure 20854 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20854 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 Microsoft <a href="https://www.linkedin.com/in/brandon-fisher-666bb01b8">Brandon Fisher</a> <a href="https://www.linkedin.com/in/brandon-fisher-666bb01b8">Brandon Fisher</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Azure Attestation service and Device Health Attestation Service Spoofing Vulnerability <p>Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.</p> <p><strong>How do I protect myself from this vulnerability?</strong></p> <p>Microsoft has already deployed a service-side fix for this vulnerability in Azure Attestation. No customer patching or update installation is required.</p> <h3 id="to-ensure-you-remain-protected-follow-the-guidance-below">To ensure you remain protected, follow the guidance below:</h3> <ul> <li><p>Use the latest supported attestation policy</p> <ul> <li>No action is required if you are already using the current <a href="http://https://learn.microsoft.com/en-us/azure/attestation/policy-version-1-2.">recommended policy version (1.2)</a> for Azure Attestation.</li> </ul> </li> <li><p>Do not rely on certain attestation events for security decisions</p> <ul> <li>Customers should not use the following events for security assertions in attestation policies:</li> </ul> </li> </ul> <pre><code>EV_EFI_VARIABLE_AUTHORITY EV_EFI_BOOT_SERVICES_APPLICATION </code></pre> <p><em><strong>These events can no longer be considered trustworthy signals for attestation evaluation.</strong></em></p> <h3 id="adjust-existing-policies-if-needed">Adjust existing policies if needed</h3> <ul> <li>If your current attestation policy relies on these events for security enforcement, update it to remove them.</li> <li>You may still reference these events for diagnostic or informational purposes only, but they should not be used to make trust decisions.</li> </ul> <h3 id="continue-monitoring-via-supported-claims">Continue monitoring via supported claims</h3> <ul> <li>If needed, the above events are still available in the allEvents claim.</li> <li>However, Microsoft does not guarantee the integrity or trustworthiness of data within these events.</li> </ul> Microsoft Azure Attestation service and Device Health Attestation Service Microsoft Yes CVE-2026-45642 Improper Input Validation 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Spoofing 11568 Spoofing 11569 Spoofing 11571 Spoofing 11572 Spoofing 11923 Spoofing 11924 Spoofing 11929 Spoofing 11930 Spoofing 11931 Spoofing 12097 Spoofing 12098 Spoofing 12099 Spoofing 12437 Spoofing 20437 Spoofing 20438 Spoofing 12242 Spoofing 12243 Spoofing 12389 Spoofing 12390 Spoofing 12436 Spoofing 20853 Spoofing 20854 Spoofing 10852 Spoofing 10853 Spoofing 10816 Spoofing 10855 Spoofing 10378 Spoofing 10379 Spoofing 10483 Spoofing 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11568 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11569 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11571 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11572 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11923 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11924 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11929 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11930 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11931 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12097 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12098 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12099 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12437 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 20437 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 20438 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12242 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12243 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12389 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12390 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12436 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 20853 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 20854 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10852 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10853 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10816 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10855 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10378 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10379 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10483 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <a href="https://x.com/nickeverdox/">Nick Peterson</a> with <a href="https://www.riotgames.com/">Riot Games</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Word Remote Code Execution Vulnerability <p>Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Word Microsoft Yes CVE-2026-45643 Untrusted Pointer Dereference 11762 11763 11951 11952 11953 12420 12421 12440 21368 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 21368 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 21368 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 21368 Click to Run 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates 11762 11763 11952 11953 12420 12421 Click to Run 0ccbbf129444eb66344ccafb92b00df4 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Office Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Microsoft Yes CVE-2026-45645 Untrusted Pointer Dereference 21368 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10753 10754 Remote Code Execution 21368 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10753 Remote Code Execution 10754 Important 21368 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10753 Important 10754 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 21368 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002852 https://www.microsoft.com/en-us/download/details.aspx?id=108689 5002713 10753 10754 Maybe Security Update 16.0.5556.1001 https://support.microsoft.com/help/5002852 10753 10754 5002852 0ccbbf129444eb66344ccafb92b00df4 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Active Directory Domain Services Remote Code Execution Vulnerability <p>Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>A domain‑authenticated attacker with access to the NSPI RPC interface can provide crafted inputs that trigger an out‑of‑bounds write in the directory service process, leading to memory corruption/remote code execution.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could achieve remote code execution without user interaction.</p> Active Directory Domain Services Microsoft Yes CVE-2026-45648 Stack-based Buffer Overflow 11923 11924 12437 12436 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12436 Critical 11923 Critical 11924 Critical 12437 Critical 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 Anonymous 1.0 2026-06-09T07:00:00 <p>Information published.</p> Office for Android Spoofing Vulnerability <p>Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>Are the updates for the Microsoft Word, PowerPoint and Excel for Android currently available?</strong></p> <p>The security update for Microsoft Word for Android, Microsoft PowerPoint for Android and Microsoft Excel for Android are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> Office for Android Microsoft Yes CVE-2026-45649 Improper Access Control 12031 12032 11772 Spoofing 12031 Spoofing 12032 Spoofing 11772 Important 12031 Important 12032 Important 11772 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12031 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12032 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11772 <a href="https://twitter.com/yanir_">Yanir Tsarimi</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Bing Search Spoofing Vulnerability <p>User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> Microsoft Bing Microsoft Yes CVE-2026-45650 User Interface (UI) Misrepresentation of Critical Information 11771 Spoofing 11771 Important 11771 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11771 Release Notes https://play.google.com/store/apps/details?id=com.microsoft.bing 11771 Maybe Security Update 33.3 https://play.google.com/store/apps/details?id=com.microsoft.bing 11771 Release Notes Alfaz Hossain 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows BitLocker Security Feature Bypass Vulnerability <p>Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.</p> Windows BitLocker Microsoft Yes CVE-2026-45655 Protection Mechanism Failure 20854 20853 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 20854 Security Feature Bypass 20853 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 20437 Security Feature Bypass 20438 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 20854 Important 20853 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 20854 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 20853 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20854 20853 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20854 20853 5095051 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <a href="https://x.com/alon_leviev">Alon Leviev</a> with Microsoft (STORM) <a href="https://x.com/alon_leviev">Alon Leviev</a> with Microsoft (STORM) 1.0 2026-06-09T07:00:00 <p>Information published.</p> UEFI Secure Boot Security Feature Bypass Vulnerability <p>Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>Successfully exploiting this vulnerability could weaken Windows Secure Boot protections that help ensure only trusted boot components are loaded during system startup. This could allow the system to start in a less protected state, reducing the effectiveness of safeguards that maintain the integrity of the boot process.</p> Windows UEFI Microsoft Yes CVE-2026-45656 Protection Mechanism Failure 20854 20853 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 20854 Security Feature Bypass 20853 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 20437 Security Feature Bypass 20438 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 20854 Important 20853 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20854 20853 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20854 20853 5095051 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <a href="https://x.com/alon_leviev">Alon Leviev</a> with Microsoft (STORM) 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Kernel Remote Code Execution Vulnerability <p>Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by sending specially crafted network traffic to a vulnerable Windows system. If successful, the malicious network packets could trigger a flaw in how the Windows kernel processes certain TCP/IP data, potentially allowing the attacker to run code with system-level privileges without needing to sign in or interact with a user.</p> Windows Kernel Microsoft Yes CVE-2026-45657 Use After Free Heap-based Buffer Overflow 11923 11924 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 20853 Remote Code Execution 20854 Critical 11923 Critical 11924 Critical 12437 Critical 20437 Critical 20438 Critical 12242 Critical 12243 Critical 12389 Critical 12390 Critical 12436 Critical 20853 Critical 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 Microsoft 1.0 2026-06-09T07:00:00 <p>Information published.</p> Visual Studio Code Tampering Vulnerability <p>Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have be enticed to open a malicious file in vscode. Users should never open anything that they do not know or trust to be safe.</p> Visual Studio Code Microsoft Yes CVE-2026-47287 Relative Path Traversal 11622 Tampering 11622 Important 11622 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11622 Release Notes https://code.visualstudio.com/download 11622 Maybe Security Update 1.123.2 https://code.visualstudio.com/updates/ 11622 Release Notes Ian Brandeberry with <a href="https://msrc.microsoft.com/">Microsoft</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Kerberos Key Distribution Center (KDC) Remote Code Execution <p>Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker who is already authenticated to the domain could send specially crafted authentication-related data to a domain controller, causing the affected Windows component to incorrectly handle memory. This could allow the attacker to disrupt the service or gain higher privileges on the domain controller without any user interaction.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p> Windows Kerberos Microsoft Yes CVE-2026-47288 Integer Overflow or Wraparound 11571 11572 11923 11924 12437 12436 10816 10855 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 12437 Critical 12436 Critical 10816 Critical 10855 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 Microsoft 1.0 2026-06-09T07:00:00 <p>Information published.</p> Remote Desktop Client Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by persuading a user to connect with the Remote Desktop client to a system that presents a specially crafted Remote Desktop Protocol (RDP) certificate. When the client processes the malformed certificate during the connection process, the attacker could run code on the user’s device in the context of the Remote Desktop client, with the same privileges as the user running it.</p> Remote Desktop Client Microsoft Yes CVE-2026-47289 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 12457 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 20853 Remote Code Execution 20854 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Remote Code Execution 12457 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 20437 Critical 20438 Critical 12242 Critical 12243 Critical 12389 Critical 12390 Critical 12436 Critical 20853 Critical 20854 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Critical 12457 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12457 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows 12457 Maybe Security Update 2.0.1193.0 https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows 12457 Raymond Reskusich 1.0 2026-06-09T07:00:00 <p>Information published.</p> HTTP.sys Remote Code Execution Vulnerability <p>Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets.</p> Windows HTTP.sys Microsoft Yes CVE-2026-47291 Integer Overflow or Wraparound Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 20853 Remote Code Execution 20854 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 20437 Critical 20438 Critical 12242 Critical 12243 Critical 12389 Critical 12390 Critical 12436 Critical 20853 Critical 20854 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <p>To help protect against this vulnerability prior to installing the June 2026 security updates for your operating system, you may need to modify the MaxRequestBytes registry value used by the Windows HTTP stack if it isn't set to the default value.</p> <p><strong>Note</strong></p> <ul> <li>Systems using the default value (16384 bytes / 16 KB) are not impacted by this vulnerability.</li> <li>Configurations that increase this value beyond safe limits may expose the system.</li> <li>The minimum safe value to avoid this vulnerability is 65534 bytes (~65 KB).</li> <li>Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Use Registry Editor at your own risk.</li> </ul> <h3 id="configure-the-registry-setting-using-registry-editor">Configure the registry setting using Registry Editor</h3> <ol> <li><p>Select <strong>Start</strong>, type <strong>regedit</strong>, and open <strong>Registry Editor</strong>.</p> </li> <li><p>Navigate to the following registry key:</p> <p><code>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters</code></p> </li> <li><p>Locate the value <strong>MaxRequestBytes</strong>:</p> </li> </ol> <ul> <li><p>If the value does not exist:</p> <ul> <li>Right-click in the right pane → <strong>New</strong> → <strong>DWORD (32-bit) Value</strong></li> <li>Name the value: <strong>MaxRequestBytes</strong></li> </ul> </li> </ul> <ol> <li>Double-click <strong>MaxRequestBytes</strong> and configure the value:</li> </ol> <ul> <li><p>Select <strong>Decimal</strong></p> </li> <li><p>Set one of the following values:</p> <ul> <li><strong>16384</strong> → Default (recommended; not vulnerable)</li> <li><strong>65534</strong> → Lowest value that avoids exposure while allowing larger requests</li> </ul> </li> </ul> <ol> <li><p>Select OK, and then close Registry Editor.</p> </li> <li><p>Restart the HTTP service or restart the system</p> <pre><code>net stop http /y net start http </code></pre> </li> </ol> <h3 id="configure-the-registry-setting-using-powershell">Configure the registry setting using PowerShell</h3> <ol> <li><p>Open PowerShell as Administrator.</p> </li> <li><p>Run the following command:</p> <pre><code>$path = &quot;HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters&quot; New-ItemProperty -Path $path -Name MaxRequestBytes -PropertyType DWORD -Value 16384 -Force </code></pre> <ul> <li>Replace 16384 with another value (for example, 65534) if required.</li> </ul> </li> <li><p>Restart the HTTP service:</p> <pre><code>net stop http /y net start http </code></pre> </li> </ol> <h3 id="verify-the-registry-setting">Verify the registry setting</h3> <p>Run the following command to confirm the configured value:</p> <p><code>reg query HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters /v MaxRequestBytes</code></p> <h3 id="how-to-revert-the-change-undo-the-mitigation">How to revert the change (undo the mitigation)</h3> <p><strong>Restore the default value</strong></p> <ol> <li><p>Open <strong>Registry Editor</strong>.</p> </li> <li><p>Navigate to:</p> <p><code>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters</code></p> </li> <li><p>Set MaxRequestBytes to:</p> <p><code>16384</code></p> </li> </ol> <p><strong>Or remove the registry value</strong></p> <ul> <li>Delete the MaxRequestBytes registry entry.</li> <li>Windows will use the default behavior.</li> </ul> <p><strong>Apply the rollback</strong></p> <ol> <li>Double-click <strong>MaxRequestBytes</strong> and configure the value:</li> <li>Restart the HTTP service or restart the system.</li> </ol> Microsoft haowei yan <a href="https://infosec.exchange/@ynwarcs">goodbyeselene</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability <p>Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have be enticed to open a malicious file in vscode. Users should never open anything that they do not know or trust to be safe.</p> Visual Studio Code Microsoft Yes CVE-2026-47292 Inclusion of Functionality from Untrusted Control Sphere Improper Control of Generation of Code ('Code Injection') 21353 Elevation of Privilege 21353 Important 21353 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 21353 Release Notes https://code.visualstudio.com/download 21353 Maybe Security Update 1.123.2 https://code.visualstudio.com/updates/ 21353 Release Notes Bankde Eakasit with <a href="https://www.secure-d.tech/">Secure D Center</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Kinect Elevation of Privilege Vulnerability <p>Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Kinect Microsoft Yes CVE-2026-41092 Improper Access Control 20854 20853 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 20854 Elevation of Privilege 20853 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 20854 Important 20853 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20854 20853 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20854 20853 5095051 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 Maximilian Letzner with <a href="https://deutschebahn.com/">Deutsche Bahn AG</a> Oliver Matula with <a href="https://www.dbsystel.de/">DB Systel GmbH</a> Tim Kornhuber with <a href="https://www.dbsystel.de/">DB Systel GmbH</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Azure Kubernetes Service (AKS) Remote Code Execution Vulnerability <p>Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker who can run an untrusted container configured with hostNetwork could send specially crafted requests to a host‑level service that was not intended for unauthenticated access. This could allow the attacker to break out of the container and gain control of the AKS worker node.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p> Microsoft Azure Kubernetes Service Microsoft Yes CVE-2026-32193 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 11870 Remote Code Execution 11870 Critical 11870 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11870 Release Notes https://github.com/Azure/AgentBaker/tree/v0.20260213.5 11870 No Security Update v0.20260213.5 https://learn.microsoft.com/en-us/azure/aks/upgrade-node-image 11870 Release Notes <a href="https://www.linkedin.com/in/ori-lahav/">Ori Lahav</a> with <a href="https://www.rubrik.com/">Rubrik</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Remote Code Execution Vulnerability <p>Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p> <p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p> Microsoft Office SharePoint Microsoft Yes CVE-2026-47298 Improper Authorization 10950 11585 11961 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 5002880 https://www.microsoft.com/en-us/download/details.aspx?id=108696 5002868 10950 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002880 10950 5002880 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 Chumy Tsai (@rm_rf_chumy) with CyCraft Technology 1.0 2026-06-09T07:00:00 <p>Information published.</p> 1.1 2026-06-10T07:00:00 <p>Updated an acknowledgement. This is an informational change only.</p> Microsoft Exchange Server Spoofing Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could attempt to exploit this vulnerability by convincing an Exchange administrator to open specially crafted content, such as a malicious link or message, which could allow the attacker to run code in the administrator’s web session.</p> Microsoft Exchange Server Microsoft Yes CVE-2026-47631 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 12039 12293 12502 16792 Spoofing 12039 Spoofing 12293 Spoofing 12502 Spoofing 16792 Important 12039 Important 12293 Important 12502 Important 16792 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12039 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12293 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12502 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 16792 5094144 5066369 12039 Yes Security Update 15.01.2507.069 https://support.microsoft.com/help/5094144 12039 5094144 5094142 5066368 12293 Yes Security Update 15.02.1544.041 https://support.microsoft.com/help/5094142 12293 5094142 5094140 5066367 12502 Yes Security Update 15.02.1748.046 https://support.microsoft.com/help/5094140 12502 5094140 5094139 https://www.microsoft.com/en-us/download/details.aspx?id=108698 5066366 16792 Yes Security Update 15.02.2562.043 https://support.microsoft.com/help/5094139 16792 5094139 P1hcn Anonymous 41ae55e9310ff27fa6f26af4727e5590 1.0 2026-06-09T07:00:00 <p>Information published.</p> Azure Stack Edge Spoofing Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by uploading a crafted SSL/TLS certificate containing malicious JavaScript in its X.509 Subject or Issuer fields to the Azure Stack Edge Local UI certificate management interface. When an administrator views the certificate details, the script executes in their browser session, allowing the attacker to perform administrative actions and access sensitive configuration or cryptographic material within the Local UI.</p> Azure Stack Edge Microsoft Yes CVE-2026-41098 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 12093 Spoofing 12093 Important 12093 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.4 7.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12093 Release Notes https://catalog.s.download.windowsupdate.com/d/msdownload/update/software/updt/2026/05/release~ase-2605b.3.3.2604.3097-362231-164445779-r_gateway_servercore_host_b_softwareupdatepackage.0_7d13687cd3d939380ee04cbfe1e68e268f41fd38.exe 12093 No Security Update 3.3.2604.3097 https://learn.microsoft.com/en-us/azure/databox-online/azure-stack-edge-gpu-2604-release-notes 12093 Release Notes <a href="https://www.linkedin.com/in/hay-mizrachi/">Hay Mizrachi</a> with <a href="https://microsoft.com/">Microsoft</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Outlook and Word Remote Code Execution Vulnerability <p>Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> <p><strong>Why is Microsoft Word listed in the Security Updates table but the title indicates that Outlook is affected?</strong></p> <p>This vulnerability can be exploited when rendering email in Outlook (classic). The rendering of email in Outlook (classic) uses Microsoft Word functionality. The vulnerability is in the Word functionality and is exploitable through Outlook (classic).</p> Microsoft Office Microsoft Yes CVE-2026-47635 Heap-based Buffer Overflow 12420 12421 Remote Code Execution 12420 Remote Code Execution 12421 Critical 12420 Critical 12421 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 Click to Run 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 12420 12421 Click to Run 0ccbbf129444eb66344ccafb92b00df4 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Spoofing Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.</p> <p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p> <p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker must send the user a malicious link and convince the user to open it.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p> Microsoft Office SharePoint Microsoft Yes CVE-2026-47637 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 10950 11585 11961 Spoofing 10950 Spoofing 11585 Spoofing 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 10950 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11585 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11961 5002880 https://www.microsoft.com/en-us/download/details.aspx?id=108696 5002868 10950 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002880 10950 5002880 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 Adi Ivascu 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Spoofing Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p> <p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p> <p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker must send the user a malicious link and convince the user to open it.</p> Microsoft Office SharePoint Microsoft Yes CVE-2026-47638 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 10950 11585 11961 Spoofing 10950 Spoofing 11585 Spoofing 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 10950 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11585 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11961 5002880 https://www.microsoft.com/en-us/download/details.aspx?id=108696 5002868 10950 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002880 10950 5002880 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 41ae55e9310ff27fa6f26af4727e5590 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Spoofing Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p> <p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p> Microsoft Office SharePoint Microsoft Yes CVE-2026-47639 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 10950 11585 11961 Spoofing 10950 Spoofing 11585 Spoofing 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 10950 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11585 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11961 5002880 https://www.microsoft.com/en-us/download/details.aspx?id=108696 5002868 10950 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002880 10950 5002880 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 41ae55e9310ff27fa6f26af4727e5590 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Spoofing Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker must send the user a malicious link and convince the user to open it.</p> <p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p> <p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p> Microsoft Office SharePoint Microsoft Yes CVE-2026-47641 Improper Input Validation 10950 11585 11961 Spoofing 10950 Spoofing 11585 Spoofing 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 10950 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11585 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11961 5002880 https://www.microsoft.com/en-us/download/details.aspx?id=108696 5002868 10950 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002880 10950 5002880 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 41ae55e9310ff27fa6f26af4727e5590 1.0 2026-06-09T07:00:00 <p>Information published.</p> Secure Boot Security Feature Bypass Vulnerability <p>Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> Windows Secure Boot Microsoft Yes CVE-2026-45588 Protection Mechanism Failure 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 20437 Security Feature Bypass 20438 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 20853 Security Feature Bypass 20854 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11568 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11569 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11571 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11572 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11923 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11924 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12097 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12098 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12099 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12437 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20437 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20438 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12242 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12243 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12389 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12390 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12436 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20853 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20854 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10852 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10853 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10816 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10855 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10378 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10379 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10483 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <a href="https://x.com/alon_leviev">Alon Leviev</a> with Microsoft Offensive Research &amp; Security Engineering (MORSE) 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Storage Elevation of Privilege Vulnerability <p>Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Storage Microsoft Yes CVE-2026-47648 Untrusted Search Path 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <a href="https://x.com/qymag1c">QYmag1c</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> UEFI Secure Boot Security Feature Bypass Vulnerability <p>Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>Successfully exploiting this vulnerability could bypass UEFI Secure Boot, a security feature designed to ensure that only trusted software runs when a device starts. This could allow an attacker with local administrator privileges or physical access to run untrusted code early in the boot process, before the operating system’s protections are active.</p> Windows UEFI CERT/CC Yes CVE-2026-8863 11571 11923 11924 11572 11568 11569 11929 11930 11931 12097 12098 20437 12099 12437 20438 12243 12242 12389 12390 20853 12436 20854 10852 10853 10816 10855 10379 10378 10483 10543 Security Feature Bypass 11571 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11572 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 20437 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 20438 Security Feature Bypass 12243 Security Feature Bypass 12242 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 20853 Security Feature Bypass 12436 Security Feature Bypass 20854 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10379 Security Feature Bypass 10378 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11571 Important 11923 Important 11924 Important 11572 Important 11568 Important 11569 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 20437 Important 12099 Important 12437 Important 20438 Important 12243 Important 12242 Important 12389 Important 12390 Important 20853 Important 12436 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10379 Important 10378 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11571 11572 11568 11569 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11571 11572 11568 11569 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12243 12242 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12243 12242 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10379 10378 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10379 10378 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 Martin Smolar ESET Martin Smolar ESET 1.0 2026-06-09T07:00:00 <p>Information published.</p> Remote Desktop Client Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by persuading a user to connect to a malicious Remote Desktop Protocol (RDP) server using a vulnerable RDP client. The malicious server could send specially crafted responses that trigger memory corruption on the client system, potentially allowing arbitrary code execution in the context of the logged-on user. Successful exploitation requires user interaction to establish the RDP connection.</p> Remote Desktop Client Microsoft Yes CVE-2026-47653 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 20853 Remote Code Execution 20854 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <a href="https://x.com/hareh4ru">Kyeongmin Kim</a> with <a href="https://kaist-hacking.github.io/">KAIST Hacking Lab</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Hyper-V Remote Code Execution Vulnerability <p>Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by running code within a virtualized environment and issuing a specially crafted hypercall with a maliciously large or malformed payload size. By manipulating this input, the attacker can trigger a buffer overflow in the hypervisor during memory operations.</p> Windows Hyper-V Microsoft Yes CVE-2026-47652 Heap-based Buffer Overflow 11923 11924 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 20853 Remote Code Execution 20854 Critical 11923 Critical 11924 Critical 12437 Critical 20437 Critical 20438 Critical 12242 Critical 12243 Critical 12389 Critical 12390 Critical 12436 Critical 20853 Critical 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 MORSE with Microsoft 1.0 2026-06-09T07:00:00 <p>Information published.</p> Remote Desktop Client Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.</p> Remote Desktop Client Microsoft Yes CVE-2026-47654 Use After Free 11571 11572 11923 11924 12437 12436 10816 10855 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 12437 Critical 12436 Critical 10816 Critical 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.5 6.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C 11571 7.5 6.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C 11572 7.5 6.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C 11923 7.5 6.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C 11924 7.5 6.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C 12437 7.5 6.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C 12436 7.5 6.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C 10816 7.5 6.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C 10855 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10816 10855 5094122 ʌ!ɔ⊥ojv 1.0 2026-06-09T07:00:00 <p>Information published.</p> Remote Desktop Client Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.</p> Remote Desktop Client Microsoft Yes CVE-2026-48563 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 20853 Remote Code Execution 20854 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 20437 Critical 20438 Critical 12242 Critical 12243 Critical 12389 Critical 12390 Critical 12436 Critical 20853 Critical 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 Arnab Sengupta 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows DWM Core Library Information Disclosure Vulnerability <p>Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Windows DWM Core Library Microsoft Yes CVE-2026-48566 Out-of-bounds Read 12437 20437 20438 12389 12390 12436 20853 20854 Information Disclosure 12437 Information Disclosure 20437 Information Disclosure 20438 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 20853 Information Disclosure 20854 Important 12437 Important 20437 Important 20438 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20854 5087539 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539 5082063 12437 12436 Yes Security Update 10.0.26100.32860 https://support.microsoft.com/help/5087539 12437 12436 5087539 5087539 https://support.microsoft.com/help/5087539 12437 12436 5087423 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423 12437 12436 Yes Security Hotpatch Update 10.0.26100.32772 https://support.microsoft.com/help/5087423 12437 12436 5087423 5089549 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549 5083769 20437 20438 Yes Security Update 10.0.26200.8457 https://support.microsoft.com/help/5089549 20437 20438 5089549 5089549 https://support.microsoft.com/help/5089549 20437 20438 12389 12390 5089466 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466 20437 20438 Yes Security Hotpatch Update 10.0.26200.8390 https://support.microsoft.com/help/5089466 20437 20438 5089466 5089549 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549 5082063 12389 12390 Yes Security Update 10.0.26100.8457 https://support.microsoft.com/help/5089549 12389 12390 5089549 5089466 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466 12389 12390 Yes Security Hotpatch Update 10.0.26100.8390 https://support.microsoft.com/help/5089466 12389 12390 5089466 5089548 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548 5083768 20853 20854 Yes Security Update 10.0.28000.2113 https://support.microsoft.com/help/5089548 20853 20854 5089548 namnp with <a href="https://x.com/vcslab">Viettel Cyber Security</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> 1.1 2026-06-09T07:00:00 <p>Information published. This CVE was addressed by updates that were released in May 2026, but the CVE was inadvertently omitted from the May 2026 Security Updates. This is an informational change only. Customers who have already installed the May 2026 updates do not need to take any further action.</p> Secure Boot Security Feature Bypass Vulnerability <p>Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> Windows Secure Boot Microsoft Yes CVE-2026-48568 Protection Mechanism Failure 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 20437 Security Feature Bypass 20438 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 20853 Security Feature Bypass 20854 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11568 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11569 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11571 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11572 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11923 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11924 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12097 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12098 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12099 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12437 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20437 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20438 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12242 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12243 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12389 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12390 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12436 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20853 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20854 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10852 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10853 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10816 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10855 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10378 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10379 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10483 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <a href="https://x.com/alon_leviev">Alon Leviev</a> with Microsoft (STORM) 1.0 2026-06-09T07:00:00 <p>Information published.</p> Secure Boot Security Feature Bypass Vulnerability <p>Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> Windows Secure Boot Microsoft Yes CVE-2026-48570 Protection Mechanism Failure 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 20437 Security Feature Bypass 20438 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 20853 Security Feature Bypass 20854 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 11568 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 11569 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 11571 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 11572 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 11923 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 11924 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 11929 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 11930 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 11931 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 12097 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 12098 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 12099 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 12437 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 20437 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 20438 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 12242 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 12243 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 12389 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 12390 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 12436 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 20853 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 20854 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 10852 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 10853 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 10816 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 10855 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 10378 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 10379 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 10483 7.9 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <a href="https://x.com/alon_leviev">Alon Leviev</a> with Microsoft (STORM) 1.0 2026-06-09T07:00:00 <p>Information published.</p> Secure Boot Security Feature Bypass Vulnerability <p>Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> Windows Secure Boot Microsoft Yes CVE-2026-48573 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 20437 Security Feature Bypass 20438 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 20853 Security Feature Bypass 20854 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11568 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11569 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11571 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11572 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11923 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11924 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12097 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12098 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12099 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12437 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20437 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20438 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12242 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12243 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12389 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12390 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12436 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20853 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20854 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10852 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10853 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10816 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10855 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10378 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10379 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10483 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <a href="https://x.com/alon_leviev">Alon Leviev</a> with Microsoft (STORM) 1.0 2026-06-09T07:00:00 <p>Information published.</p> Secure Boot Security Feature Bypass Vulnerability <p>Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> Windows Secure Boot Microsoft Yes CVE-2026-48575 Protection Mechanism Failure 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 20437 Security Feature Bypass 20438 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 20853 Security Feature Bypass 20854 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11568 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11569 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11571 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11572 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11923 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11924 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12097 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12098 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12099 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12437 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20437 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20438 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12242 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12243 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12389 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12390 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12436 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20853 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20854 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10852 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10853 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10816 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10855 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10378 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10379 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10483 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <a href="https://x.com/alon_leviev">Alon Leviev</a> with Microsoft (STORM) 1.0 2026-06-09T07:00:00 <p>Information published.</p> Secure Boot Security Feature Bypass Vulnerability <p>Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> Windows Secure Boot Microsoft Yes CVE-2026-48576 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 20437 Security Feature Bypass 20438 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 20853 Security Feature Bypass 20854 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11568 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11569 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11571 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11572 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11923 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11924 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12097 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12098 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12099 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12437 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20437 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20438 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12242 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12243 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12389 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12390 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12436 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20853 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20854 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10852 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10853 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10816 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10855 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10378 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10379 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10483 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <a href="https://x.com/alon_leviev">Alon Leviev</a> with Microsoft (STORM) 1.0 2026-06-09T07:00:00 <p>Information published.</p> Secure Boot Security Feature Bypass Vulnerability <p>Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> Windows Secure Boot Microsoft Yes CVE-2026-48578 Improper Access Control 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11568 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11569 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11571 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11572 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11923 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11924 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12097 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12098 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12099 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12437 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20437 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20438 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12242 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12243 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12389 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12390 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12436 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20853 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20854 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10852 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10853 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10816 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10855 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10378 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10379 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10483 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <a href="https://x.com/alon_leviev">Alon Leviev</a> with Microsoft (STORM) 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p>Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2026-48583 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 <a href="https://x.com/calysteon">Nathaniel Oh (@calysteon)</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Chromium: CVE-2026-10881 Out of bounds read and write in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10881 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:56 <p>Information published.</p> Chromium: CVE-2026-10884 Use after free in Chromecast <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10884 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:02 <p>Information published.</p> Chromium: CVE-2026-10887 Use after free in Chromoting <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10887 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:05 <p>Information published.</p> Chromium: CVE-2026-10888 Use after free in Cast Streaming <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10888 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:06 <p>Information published.</p> Chromium: CVE-2026-10889 Out of bounds read in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10889 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:08 <p>Information published.</p> Chromium: CVE-2026-10890 Use after free in Cast <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10890 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:09 <p>Information published.</p> Chromium: CVE-2026-10895 Use after free in Ozone <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10895 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:15 <p>Information published.</p> Chromium: CVE-2026-10897 Out of bounds write in GPU <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10897 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:16 <p>Information published.</p> Chromium: CVE-2026-10898 Stack buffer overflow in GPU <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10898 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:18 <p>Information published.</p> Chromium: CVE-2026-10899 Use after free in Ozone <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10899 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:19 <p>Information published.</p> Chromium: CVE-2026-10900 Use after free in Passwords <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10900 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:20 <p>Information published.</p> Chromium: CVE-2026-10903 Use after free in WebRTC <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10903 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:24 <p>Information published.</p> Chromium: CVE-2026-10908 Use after free in FullScreen <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10908 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:30 <p>Information published.</p> Chromium: CVE-2026-10909 Use after free in Dawn <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10909 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:31 <p>Information published.</p> Chromium: CVE-2026-10910 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10910 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:32 <p>Information published.</p> Chromium: CVE-2026-10911 Insufficient validation of untrusted input in Media <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10911 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:34 <p>Information published.</p> Chromium: CVE-2026-10912 Insufficient validation of untrusted input in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10912 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:35 <p>Information published.</p> Chromium: CVE-2026-10914 Use after free in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10914 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:37 <p>Information published.</p> Chromium: CVE-2026-10916 Insufficient validation of untrusted input in DevTools <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10916 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:39 <p>Information published.</p> Chromium: CVE-2026-10918 Use after free in Viz <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10918 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:41 <p>Information published.</p> Chromium: CVE-2026-10919 Use after free in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10919 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:42 <p>Information published.</p> Chromium: CVE-2026-10921 Integer overflow in Dawn <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10921 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:44 <p>Information published.</p> Chromium: CVE-2026-10922 Insufficient validation of untrusted input in DevTools <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10922 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:45 <p>Information published.</p> Chromium: CVE-2026-10924 Integer overflow in Chromecast <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10924 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:47 <p>Information published.</p> Chromium: CVE-2026-10925 Out of bounds write in Skia <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10925 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:49 <p>Information published.</p> Chromium: CVE-2026-10927 Out of bounds read in Dawn <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10927 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:51 <p>Information published.</p> Chromium: CVE-2026-10928 Script injection in Headless <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10928 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:52 <p>Information published.</p> Chromium: CVE-2026-10931 Use after free in FileSystem <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10931 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:55 <p>Information published.</p> Chromium: CVE-2026-10932 Use after free in UI <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10932 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:56 <p>Information published.</p> Chromium: CVE-2026-10933 Use after free in Audio <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10933 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:57 <p>Information published.</p> Chromium: CVE-2026-10935 Inappropriate implementation in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10935 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:00 <p>Information published.</p> Chromium: CVE-2026-10936 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10936 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:01 <p>Information published.</p> Chromium: CVE-2026-10939 Use after free in WebRTC <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10939 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:05 <p>Information published.</p> Chromium: CVE-2026-10940 Race in Codecs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10940 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:06 <p>Information published.</p> Chromium: CVE-2026-10941 Out of bounds memory access in Skia <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10941 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:08 <p>Information published.</p> Chromium: CVE-2026-10942 Insufficient validation of untrusted input in UI <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10942 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:09 <p>Information published.</p> Chromium: CVE-2026-10943 Use after free in WebRTC <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10943 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:10 <p>Information published.</p> Chromium: CVE-2026-10946 Heap buffer overflow in Media <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10946 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:14 <p>Information published.</p> Chromium: CVE-2026-10947 Use after free in WebRTC <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10947 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:15 <p>Information published.</p> Chromium: CVE-2026-10949 Heap buffer overflow in Video <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10949 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:17 <p>Information published.</p> Chromium: CVE-2026-10954 Use after free in Actor <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10954 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:23 <p>Information published.</p> Chromium: CVE-2026-10956 Use after free in MimeHandlerView <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10956 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:26 <p>Information published.</p> Chromium: CVE-2026-10957 Use after free in Glic <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10957 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:27 <p>Information published.</p> Chromium: CVE-2026-10960 Uninitialized Use in Codecs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10960 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:31 <p>Information published.</p> Chromium: CVE-2026-10962 Type Confusion in Media <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10962 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:33 <p>Information published.</p> Chromium: CVE-2026-10964 Integer overflow in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10964 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:35 <p>Information published.</p> Chromium: CVE-2026-10965 Integer overflow in DevTools <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10965 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:36 <p>Information published.</p> Chromium: CVE-2026-10966 Insufficient validation of untrusted input in Codecs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10966 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:37 <p>Information published.</p> Chromium: CVE-2026-10969 Insufficient validation of untrusted input in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10969 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:40 <p>Information published.</p> Chromium: CVE-2026-10970 Insufficient validation of untrusted input in InterestGroups <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10970 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:41 <p>Information published.</p> Chromium: CVE-2026-10971 Insufficient validation of untrusted input in Printing <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10971 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:42 <p>Information published.</p> Chromium: CVE-2026-10972 Use after free in Ozone <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10972 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:44 <p>Information published.</p> Chromium: CVE-2026-10973 Uninitialized Use in Dawn <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10973 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:45 <p>Information published.</p> Chromium: CVE-2026-10974 Insufficient validation of untrusted input in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10974 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:46 <p>Information published.</p> Chromium: CVE-2026-10975 Use after free in WebRTC <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10975 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:47 <p>Information published.</p> Chromium: CVE-2026-10976 Uninitialized Use in Dawn <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10976 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:48 <p>Information published.</p> Chromium: CVE-2026-10977 Uninitialized Use in Skia <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10977 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:49 <p>Information published.</p> Chromium: CVE-2026-10978 Use after free in Chromoting <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10978 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:50 <p>Information published.</p> Chromium: CVE-2026-10981 Insufficient validation of untrusted input in Codecs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10981 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:53 <p>Information published.</p> Chromium: CVE-2026-10982 Use after free in WebXR <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10982 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:54 <p>Information published.</p> Chromium: CVE-2026-10983 Insufficient validation of untrusted input in Dawn <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10983 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:56 <p>Information published.</p> Chromium: CVE-2026-10989 Inappropriate implementation in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10989 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:02 <p>Information published.</p> Chromium: CVE-2026-10990 Use after free in Glic <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10990 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:03 <p>Information published.</p> Chromium: CVE-2026-10991 Use after free in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10991 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:04 <p>Information published.</p> Chromium: CVE-2026-10992 Insufficient data validation in Animation <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10992 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:05 <p>Information published.</p> Chromium: CVE-2026-10993 Heap buffer overflow in Skia <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10993 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:06 <p>Information published.</p> Chromium: CVE-2026-10994 Uninitialized Use in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10994 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:07 <p>Information published.</p> Chromium: CVE-2026-10995 Heap buffer overflow in TabStrip <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10995 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:09 <p>Information published.</p> Chromium: CVE-2026-10996 Inappropriate implementation in Workers <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10996 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:10 <p>Information published.</p> Chromium: CVE-2026-10997 Insufficient policy enforcement in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10997 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:11 <p>Information published.</p> Chromium: CVE-2026-10998 Out of bounds read in Media <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10998 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:12 <p>Information published.</p> Chromium: CVE-2026-11000 Use after free in Fonts <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11000 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:14 <p>Information published.</p> Chromium: CVE-2026-11006 Out of bounds read in Dawn <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11006 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:21 <p>Information published.</p> Chromium: CVE-2026-11008 Insufficient validation of untrusted input in WebAppInstalls <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11008 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:23 <p>Information published.</p> Chromium: CVE-2026-11009 Use after free in USB <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11009 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:24 <p>Information published.</p> Chromium: CVE-2026-11013 Insufficient validation of untrusted input in Network <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11013 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:29 <p>Information published.</p> Chromium: CVE-2026-11015 Out of bounds read in WebGPU <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11015 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:31 <p>Information published.</p> Chromium: CVE-2026-11016 Insufficient validation of untrusted input in Network <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11016 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:32 <p>Information published.</p> Chromium: CVE-2026-11020 Inappropriate implementation in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11020 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:37 <p>Information published.</p> Chromium: CVE-2026-11021 Insufficient validation of untrusted input in GPU <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11021 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:38 <p>Information published.</p> Chromium: CVE-2026-11022 Insufficient validation of untrusted input in DevTools <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11022 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:39 <p>Information published.</p> Chromium: CVE-2026-11024 Stack buffer overflow in Skia <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11024 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:42 <p>Information published.</p> Chromium: CVE-2026-11028 Use after free in Media <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11028 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:46 <p>Information published.</p> Chromium: CVE-2026-11033 Uninitialized Use in WebML <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11033 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:52 <p>Information published.</p> Chromium: CVE-2026-11036 Inappropriate implementation in DOM <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11036 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:55 <p>Information published.</p> Chromium: CVE-2026-11037 Out of bounds write in Codecs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11037 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:56 <p>Information published.</p> Chromium: CVE-2026-11038 Insufficient validation of untrusted input in Subresource Integrity <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11038 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:57 <p>Information published.</p> Chromium: CVE-2026-11040 Use after free in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11040 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:00 <p>Information published.</p> Chromium: CVE-2026-11041 Insufficient validation of untrusted input in Media <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11041 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:01 <p>Information published.</p> Chromium: CVE-2026-11044 Integer overflow in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11044 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:04 <p>Information published.</p> Chromium: CVE-2026-11046 Insufficient validation of untrusted input in Media <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11046 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:06 <p>Information published.</p> Chromium: CVE-2026-11047 Insufficient validation of untrusted input in Base <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11047 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:08 <p>Information published.</p> Chromium: CVE-2026-11048 Inappropriate implementation in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11048 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:09 <p>Information published.</p> Chromium: CVE-2026-11049 Use after free in Password Manager <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11049 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:10 <p>Information published.</p> Chromium: CVE-2026-11050 Use after free in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11050 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:11 <p>Information published.</p> Chromium: CVE-2026-11051 Out of bounds read in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11051 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:12 <p>Information published.</p> Chromium: CVE-2026-11052 Type Confusion in GPU <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11052 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:14 <p>Information published.</p> Chromium: CVE-2026-11053 VULNERABILITY in WebRTC <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11053 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:15 <p>Information published.</p> Chromium: CVE-2026-11055 Use after free in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11055 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:17 <p>Information published.</p> Chromium: CVE-2026-11056 Insufficient validation of untrusted input in SiteIsolation <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11056 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:18 <p>Information published.</p> Chromium: CVE-2026-11057 Uninitialized Use in Skia <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11057 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:19 <p>Information published.</p> Chromium: CVE-2026-11058 Integer overflow in CredentialProvider <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11058 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:21 <p>Information published.</p> Chromium: CVE-2026-11059 Use after free in Blink <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11059 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:22 <p>Information published.</p> Chromium: CVE-2026-11060 Use after free in Media <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11060 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:23 <p>Information published.</p> Chromium: CVE-2026-11061 Out of bounds read in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11061 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:24 <p>Information published.</p> Chromium: CVE-2026-11067 Uninitialized Use in Dawn <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11067 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:31 <p>Information published.</p> Chromium: CVE-2026-11069 Insufficient validation of untrusted input in Cast <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11069 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:34 <p>Information published.</p> Chromium: CVE-2026-11074 Use after free in WebRTC <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11074 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:39 <p>Information published.</p> Chromium: CVE-2026-11075 Out of bounds read in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11075 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:40 <p>Information published.</p> Chromium: CVE-2026-11076 Type Confusion in CSS <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11076 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:41 <p>Information published.</p> Chromium: CVE-2026-11078 Insufficient validation of untrusted input in FileSystem <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11078 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:44 <p>Information published.</p> Chromium: CVE-2026-11079 Insufficient validation of untrusted input in Codecs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11079 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:45 <p>Information published.</p> Chromium: CVE-2026-11081 Policy bypass in Canvas <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11081 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:47 <p>Information published.</p> Chromium: CVE-2026-11084 Inappropriate implementation in Password Manager <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11084 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:50 <p>Information published.</p> Chromium: CVE-2026-11086 Insufficient validation of untrusted input in Dawn <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11086 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:53 <p>Information published.</p> Chromium: CVE-2026-11087 Uninitialized Use in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11087 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:54 <p>Information published.</p> Chromium: CVE-2026-11088 Integer overflow in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11088 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:55 <p>Information published.</p> Chromium: CVE-2026-11089 Uninitialized Use in Media <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11089 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:56 <p>Information published.</p> Chromium: CVE-2026-11090 Uninitialized Use in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11090 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:57 <p>Information published.</p> Chromium: CVE-2026-11093 Insufficient validation of untrusted input in Printing <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11093 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:00 <p>Information published.</p> Chromium: CVE-2026-11095 Insufficient validation of untrusted input in Codecs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11095 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:02 <p>Information published.</p> Chromium: CVE-2026-11096 Out of bounds read in WebRTC <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11096 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:03 <p>Information published.</p> Chromium: CVE-2026-11098 Insufficient validation of untrusted input in GPU <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11098 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:05 <p>Information published.</p> Chromium: CVE-2026-11099 Vulnerability in Skia <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11099 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:06 <p>Information published.</p> Chromium: CVE-2026-11100 Use after free in File Input <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11100 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:07 <p>Information published.</p> Chromium: CVE-2026-11101 Uninitialized Use in Dawn <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11101 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:09 <p>Information published.</p> Chromium: CVE-2026-11102 Inappropriate implementation in Isolated Web Apps <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11102 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:10 <p>Information published.</p> Chromium: CVE-2026-11103 Inappropriate implementation in Installer <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11103 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:11 <p>Information published.</p> Chromium: CVE-2026-11105 Insufficient validation of untrusted input in WebUI <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11105 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:13 <p>Information published.</p> Chromium: CVE-2026-11106 Inappropriate implementation in Media <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11106 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:14 <p>Information published.</p> Chromium: CVE-2026-11107 Inappropriate implementation in Downloads <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11107 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:15 <p>Information published.</p> Chromium: CVE-2026-11109 Uninitialized Use in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11109 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:17 <p>Information published.</p> Chromium: CVE-2026-11111 Out of bounds read in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11111 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:20 <p>Information published.</p> Chromium: CVE-2026-11113 Insufficient validation of untrusted input in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11113 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:22 <p>Information published.</p> Chromium: CVE-2026-11114 Use after free in Device Trust <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11114 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:23 <p>Information published.</p> Microsoft PC Manager Security Feature Bypass Vulnerability <p>Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An unauthenticated attacker is able to bypass the expected user access.</p> Microsoft PC Manager Microsoft Yes CVE-2026-49161 Improper Access Control 12441 Security Feature Bypass 12441 Important 12441 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12441 Release Notes https://apps.microsoft.com/detail/9pm860492szd?hl=en-us&gl=US 12441 Maybe Security Update 3.21.6.0 https://apps.microsoft.com/detail/9pm860492szd?hl=en-us&gl=US 12441 Release Notes <a href="https://bird.vin/">Xin Liu</a> with <a href="https://xxxy.lzu.edu.cn/">N05ec@LZU-DSLab</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Chromium: CVE-2026-11122 Inappropriate implementation in Keyboard <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11122 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:31 <p>Information published.</p> Chromium: CVE-2026-11123 Uninitialized Use in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11123 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:32 <p>Information published.</p> Chromium: CVE-2026-11125 Use after free in Compositing <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11125 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:34 <p>Information published.</p> Chromium: CVE-2026-11126 Insufficient validation of untrusted input in DevTools <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11126 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:35 <p>Information published.</p> Chromium: CVE-2026-11128 Insufficient validation of untrusted input in Web Share <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11128 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:38 <p>Information published.</p> Chromium: CVE-2026-11129 Inappropriate implementation in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11129 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:39 <p>Information published.</p> Chromium: CVE-2026-11133 Insufficient policy enforcement in Paint <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11133 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:44 <p>Information published.</p> Chromium: CVE-2026-11132 Policy bypass in Paint <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11132 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:42 <p>Information published.</p> Chromium: CVE-2026-11130 Use after free in Media <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11130 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:40 <p>Information published.</p> Chromium: CVE-2026-11134 Insufficient data validation in Media <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11134 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:44 <p>Information published.</p> Chromium: CVE-2026-11135 Insufficient policy enforcement in Autofill <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11135 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:45 <p>Information published.</p> Chromium: CVE-2026-11136 Use after free in Canvas <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11136 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:46 <p>Information published.</p> Chromium: CVE-2026-11137 Uninitialized Use in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11137 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:48 <p>Information published.</p> Chromium: CVE-2026-11140 Insufficient validation of untrusted input in Chromecast <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11140 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:51 <p>Information published.</p> Chromium: CVE-2026-11139 Policy bypass in Paint <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11139 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:50 <p>Information published.</p> Chromium: CVE-2026-11138 Uninitialized Use in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11138 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:49 <p>Information published.</p> Chromium: CVE-2026-11146 Insufficient validation of untrusted input in Chromoting <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11146 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:58 <p>Information published.</p> Chromium: CVE-2026-11147 Use after free in WebML <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11147 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:59 <p>Information published.</p> Chromium: CVE-2026-11141 Uninitialized Use in Audio <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11141 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:52 <p>Information published.</p> Chromium: CVE-2026-11143 Heap buffer overflow in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11143 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:55 <p>Information published.</p> Chromium: CVE-2026-11144 Use after free in Media <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11144 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:56 <p>Information published.</p> Chromium: CVE-2026-11142 Policy bypass in Paint <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11142 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:54 <p>Information published.</p> Chromium: CVE-2026-11149 Insufficient validation of untrusted input in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11149 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:02 <p>Information published.</p> Chromium: CVE-2026-11150 Inappropriate implementation in XML <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11150 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:03 <p>Information published.</p> Chromium: CVE-2026-11151 Insufficient validation of untrusted input in Password Manager <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11151 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:04 <p>Information published.</p> Chromium: CVE-2026-11153 Side-channel information leakage in Forms <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11153 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:06 <p>Information published.</p> Chromium: CVE-2026-11152 Object lifecycle issue in Dawn <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11152 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:05 <p>Information published.</p> Chromium: CVE-2026-11154 Use after free in Dawn <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11154 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:07 <p>Information published.</p> Chromium: CVE-2026-11155 Insufficient policy enforcement in CSS <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11155 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:08 <p>Information published.</p> Chromium: CVE-2026-11156 Inappropriate implementation in CSS <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11156 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:10 <p>Information published.</p> Chromium: CVE-2026-11157 Script injection in Accessibility <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11157 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:11 <p>Information published.</p> Chromium: CVE-2026-11159 Uninitialized Use in Skia <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11159 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:13 <p>Information published.</p> Chromium: CVE-2026-11160 Out of bounds read in Input <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11160 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:14 <p>Information published.</p> Chromium: CVE-2026-11158 Insufficient validation of untrusted input in Downloads <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11158 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:12 <p>Information published.</p> Chromium: CVE-2026-11161 Insufficient data validation in DataTransfer <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11161 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:16 <p>Information published.</p> Chromium: CVE-2026-11162 Insufficient policy enforcement in CSS <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11162 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:17 <p>Information published.</p> Chromium: CVE-2026-11168 Insufficient policy enforcement in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11168 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:24 <p>Information published.</p> Chromium: CVE-2026-11169 Inappropriate implementation in XML <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11169 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:25 <p>Information published.</p> Chromium: CVE-2026-11164 Use after free in Blink <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11164 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:19 <p>Information published.</p> Chromium: CVE-2026-11166 Inappropriate implementation in SVG <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11166 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:22 <p>Information published.</p> Chromium: CVE-2026-11170 Inappropriate implementation in Chromoting <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11170 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:26 <p>Information published.</p> Chromium: CVE-2026-11171 Integer overflow in Blink <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11171 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:27 <p>Information published.</p> Chromium: CVE-2026-11174 Insufficient policy enforcement in Site Isolation <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11174 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:31 <p>Information published.</p> Chromium: CVE-2026-11176 Inappropriate implementation in Media <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11176 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:33 <p>Information published.</p> Chromium: CVE-2026-11173 Out of bounds write in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11173 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:30 <p>Information published.</p> Chromium: CVE-2026-11177 Use after free in Omnibox <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11177 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:34 <p>Information published.</p> Chromium: CVE-2026-11179 Inappropriate implementation in ORB <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11179 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:36 <p>Information published.</p> Chromium: CVE-2026-11180 Policy bypass in SVG <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11180 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:37 <p>Information published.</p> Chromium: CVE-2026-11182 Inappropriate implementation in SVG <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11182 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:40 <p>Information published.</p> Chromium: CVE-2026-11184 Insufficient policy enforcement in Actor <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11184 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:42 <p>Information published.</p> Chromium: CVE-2026-11181 Inappropriate implementation in Media Session <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11181 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:39 <p>Information published.</p> Chromium: CVE-2026-11185 Use after free in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11185 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:43 <p>Information published.</p> Chromium: CVE-2026-11186 Inappropriate implementation in CSS <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11186 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:44 <p>Information published.</p> Chromium: CVE-2026-11187 Insufficient policy enforcement in Glic <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11187 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:45 <p>Information published.</p> Chromium: CVE-2026-11192 Insufficient validation of untrusted input in Password Manager <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11192 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:51 <p>Information published.</p> Chromium: CVE-2026-11189 Insufficient validation of untrusted input in DevTools <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11189 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:47 <p>Information published.</p> Chromium: CVE-2026-11191 Out of bounds memory access in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11191 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:50 <p>Information published.</p> Chromium: CVE-2026-11190 Insufficient policy enforcement in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11190 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:48 <p>Information published.</p> Chromium: CVE-2026-11193 Insufficient policy enforcement in Password Manager <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11193 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:52 <p>Information published.</p> Chromium: CVE-2026-11194 Inappropriate implementation in Network <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11194 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:53 <p>Information published.</p> Chromium: CVE-2026-11196 Type Confusion in XML <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11196 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:56 <p>Information published.</p> Chromium: CVE-2026-11195 Inappropriate implementation in MHTML <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11195 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:55 <p>Information published.</p> Chromium: CVE-2026-11197 Insufficient policy enforcement in Workers <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11197 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:57 <p>Information published.</p> Chromium: CVE-2026-11198 Insufficient validation of untrusted input in Codecs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11198 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:58 <p>Information published.</p> Chromium: CVE-2026-11199 Insufficient validation of untrusted input in WebRTC <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11199 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:59 <p>Information published.</p> Chromium: CVE-2026-11201 Use after free in ServiceWorker <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11201 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:01 <p>Information published.</p> Chromium: CVE-2026-11203 Policy bypass in GPU <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11203 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:03 <p>Information published.</p> Chromium: CVE-2026-11200 Inappropriate implementation in WebRTC <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11200 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:00 <p>Information published.</p> Chromium: CVE-2026-11207 Insufficient validation of untrusted input in Autofill <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11207 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:07 <p>Information published.</p> Chromium: CVE-2026-11206 Policy bypass in ServiceWorker <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11206 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:06 <p>Information published.</p> Chromium: CVE-2026-11208 Use after free in Codecs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11208 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:08 <p>Information published.</p> Chromium: CVE-2026-11209 Insufficient policy enforcement in Passwords <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11209 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:09 <p>Information published.</p> Chromium: CVE-2026-11210 Insufficient policy enforcement in Safe Browsing <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11210 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:10 <p>Information published.</p> Chromium: CVE-2026-11211 Integer overflow in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11211 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:12 <p>Information published.</p> Chromium: CVE-2026-11212 Insufficient policy enforcement in DevTools <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11212 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:13 <p>Information published.</p> Chromium: CVE-2026-11213 Insufficient validation of untrusted input in Reading Mode <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11213 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:14 <p>Information published.</p> Chromium: CVE-2026-11216 Incorrect security UI in File Input <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11216 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:17 <p>Information published.</p> Chromium: CVE-2026-11217 Insufficient policy enforcement in Fenced Frames <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11217 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:19 <p>Information published.</p> Chromium: CVE-2026-11218 Inappropriate implementation in PlatformIntegration <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11218 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:20 <p>Information published.</p> Chromium: CVE-2026-11219 Insufficient data validation in Navigation <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11219 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:21 <p>Information published.</p> Chromium: CVE-2026-11221 Insufficient validation of untrusted input in PointerLock <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11221 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:23 <p>Information published.</p> Chromium: CVE-2026-11220 Insufficient validation of untrusted input in Navigation <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11220 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:22 <p>Information published.</p> Chromium: CVE-2026-11222 Incorrect security UI in Tab Strip <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11222 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:24 <p>Information published.</p> Chromium: CVE-2026-11223 Insufficient validation of untrusted input in Network <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11223 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:25 <p>Information published.</p> Chromium: CVE-2026-11224 Use after free in Chromoting <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11224 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:26 <p>Information published.</p> Chromium: CVE-2026-11229 Insufficient policy enforcement in Enterprise <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11229 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:32 <p>Information published.</p> Chromium: CVE-2026-11230 Use after free in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11230 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:33 <p>Information published.</p> Chromium: CVE-2026-11231 Inappropriate implementation in Safe Browsing <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11231 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:34 <p>Information published.</p> Chromium: CVE-2026-11225 Incorrect security UI in WebUI <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11225 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:27 <p>Information published.</p> Chromium: CVE-2026-11228 Incorrect security UI in File Input <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11228 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:31 <p>Information published.</p> Chromium: CVE-2026-11227 Incorrect security UI in Tab Hover Cards <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11227 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:30 <p>Information published.</p> Chromium: CVE-2026-11232 Inappropriate implementation in TabGroups <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11232 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:35 <p>Information published.</p> Chromium: CVE-2026-11233 Insufficient validation of untrusted input in FoldableAPIs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11233 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:36 <p>Information published.</p> Chromium: CVE-2026-11234 Insufficient policy enforcement in FoldableAPIs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11234 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:37 <p>Information published.</p> Chromium: CVE-2026-11238 Inappropriate implementation in DevTools <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11238 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:41 <p>Information published.</p> Chromium: CVE-2026-11235 Insufficient validation of untrusted input in Compositing <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11235 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:38 <p>Information published.</p> Chromium: CVE-2026-11237 Insufficient validation of untrusted input in Media <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11237 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:40 <p>Information published.</p> Chromium: CVE-2026-11236 Insufficient policy enforcement in Web Bluetooth <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11236 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:39 <p>Information published.</p> Chromium: CVE-2026-11239 Insufficient validation of untrusted input in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11239 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:42 <p>Information published.</p> Chromium: CVE-2026-11240 Insufficient validation of untrusted input in Loader <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11240 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:43 <p>Information published.</p> Chromium: CVE-2026-11244 Insufficient validation of untrusted input in WebAuthentication <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11244 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:47 <p>Information published.</p> Chromium: CVE-2026-11242 Insufficient validation of untrusted input in Plugins <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11242 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:45 <p>Information published.</p> Chromium: CVE-2026-11243 Incorrect security UI in Downloads <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11243 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:46 <p>Information published.</p> Chromium: CVE-2026-11241 Insufficient validation of untrusted input in Cast <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11241 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:44 <p>Information published.</p> Chromium: CVE-2026-11245 Inappropriate implementation in Payments <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11245 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:48 <p>Information published.</p> Chromium: CVE-2026-11249 Use after free in Network <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11249 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:52 <p>Information published.</p> Chromium: CVE-2026-11251 Insufficient validation of untrusted input in Password Manager <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11251 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:55 <p>Information published.</p> Chromium: CVE-2026-11250 Inappropriate implementation in DevTools <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11250 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:53 <p>Information published.</p> Chromium: CVE-2026-11248 Policy bypass in Google Lens <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11248 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:51 <p>Information published.</p> Chromium: CVE-2026-11252 Policy bypass in Content Settings <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11252 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:56 <p>Information published.</p> Chromium: CVE-2026-11246 Insufficient validation of untrusted input in IndexedDB <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11246 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:49 <p>Information published.</p> Chromium: CVE-2026-11253 Race in Permissions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11253 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:57 <p>Information published.</p> Chromium: CVE-2026-11254 Inappropriate implementation in Permissions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11254 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:58 <p>Information published.</p> Chromium: CVE-2026-11255 Insufficient validation of untrusted input in Storage Access API <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11255 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:59 <p>Information published.</p> Chromium: CVE-2026-11257 Inappropriate implementation in Browser <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11257 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:01 <p>Information published.</p> Chromium: CVE-2026-11256 Out of bounds read in GPU <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11256 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:00 <p>Information published.</p> Chromium: CVE-2026-11258 Inappropriate implementation in File System Access <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11258 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:02 <p>Information published.</p> Chromium: CVE-2026-11259 Insufficient validation of untrusted input in Cast <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11259 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:03 <p>Information published.</p> Chromium: CVE-2026-11260 Policy bypass in Permissions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11260 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:04 <p>Information published.</p> Chromium: CVE-2026-11261 Insufficient validation of untrusted input in PDF <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11261 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:06 <p>Information published.</p> Chromium: CVE-2026-11262 Use after free in TabStrip <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11262 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:07 <p>Information published.</p> Chromium: CVE-2026-11265 Insufficient data validation in Autofill <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11265 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:10 <p>Information published.</p> Chromium: CVE-2026-11264 Policy bypass in Content Security Policy <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11264 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:09 <p>Information published.</p> Chromium: CVE-2026-11266 Policy bypass in SafeBrowsing <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11266 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:11 <p>Information published.</p> Chromium: CVE-2026-11267 Insufficient policy enforcement in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11267 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:12 <p>Information published.</p> Chromium: CVE-2026-11268 Uninitialized Use in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11268 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:13 <p>Information published.</p> Chromium: CVE-2026-11269 Inappropriate implementation in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11269 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:14 <p>Information published.</p> Chromium: CVE-2026-11271 Incorrect security UI in Passwords <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11271 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:17 <p>Information published.</p> Chromium: CVE-2026-11273 Insufficient validation of untrusted input in Omnibox <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11273 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:19 <p>Information published.</p> Windows NTLM Spoofing Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.</p> Windows NTLM Microsoft Yes CVE-2026-50508 Exposure of Sensitive Information to an Unauthorized Actor 11923 11924 11769 12085 12086 10852 10853 10816 10855 10378 10379 10483 10543 Spoofing 11923 Spoofing 11924 Spoofing 11769 Spoofing 12085 Spoofing 12086 Spoofing 10852 Spoofing 10853 Spoofing 10816 Spoofing 10855 Spoofing 10378 Spoofing 10379 Spoofing 10483 Spoofing 10543 Important 11923 Important 11924 Important 11769 Important 12085 Important 12086 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11769 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11769 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 11769 5094127 5094127 https://support.microsoft.com/help/5094127 11769 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12085 12086 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12085 12086 5093998 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 Jonathan Lein of TrendAI Research with https://www.zerodayinitiative.com/ 1.0 2026-06-09T07:00:00 <p>Information published.</p> Nuance PowerScribe Remote Code Execution Vulnerability <p>Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network.</p> Nuance PowerScribe Microsoft Yes CVE-2026-26142 Deserialization of Untrusted Data 20638 20639 20640 20641 20642 20643 20644 20645 16745 20634 20635 20636 20637 20646 20647 20648 20649 20650 20651 20652 21376 21377 Remote Code Execution 20638 Remote Code Execution 20639 Remote Code Execution 20640 Remote Code Execution 20641 Remote Code Execution 20642 Remote Code Execution 20643 Remote Code Execution 20644 Remote Code Execution 20645 Remote Code Execution 16745 Remote Code Execution 20634 Remote Code Execution 20635 Remote Code Execution 20636 Remote Code Execution 20637 Remote Code Execution 20646 Remote Code Execution 20647 Remote Code Execution 20648 Remote Code Execution 20649 Remote Code Execution 20650 Remote Code Execution 20651 Remote Code Execution 20652 Remote Code Execution 21376 Remote Code Execution 21377 Critical 20638 Critical 20639 Critical 20640 Critical 20641 Critical 20642 Critical 20643 Critical 20644 Critical 20645 Critical 16745 Critical 20634 Critical 20635 Critical 20636 Critical 20637 Critical 20646 Critical 20647 Critical 20648 Critical 20649 Critical 20650 Critical 20651 Critical 20652 Critical 21376 Critical 21377 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20638 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20639 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20640 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20641 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20642 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20643 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20644 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20645 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16745 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20634 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20635 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20636 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20637 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20646 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20647 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20648 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20649 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20650 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20651 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20652 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 21376 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 21377 Release Notes https://nuance.my.site.com/NuanceHealthcareSupport/s/login/?ec=302&startURL=%2FNuanceHealthcareSupport%2Fs%2Farticle%2FPowerScribe-360-Reporting-Release-Notes-for-Version-4-x 20638 Maybe Security Update 7.0.243.19 https://nuance.my.site.com/NuanceHealthcareSupport/s/login/?ec=302&startURL=%2FNuanceHealthcareSupport%2Fs%2Farticle%2FPowerScribe-360-Reporting-Release-Notes-for-Version-4-x 20638 Release Notes Release Notes https://nuance.my.site.com/NuanceHealthcareSupport/s/login/?ec=302&startURL=%2FNuanceHealthcareSupport%2Fs%2Farticle%2FPowerScribe-360-Reporting-Release-Notes-for-Version-4-x 20639 Maybe Security Update 7.0.277.28 https://nuance.my.site.com/NuanceHealthcareSupport/s/login/?ec=302&startURL=%2FNuanceHealthcareSupport%2Fs%2Farticle%2FPowerScribe-360-Reporting-Release-Notes-for-Version-4-x 20639 Release Notes Release Notes https://nuance.my.site.com/NuanceHealthcareSupport/s/login/?ec=302&startURL=%2FNuanceHealthcareSupport%2Fs%2Farticle%2FPowerScribe-360-Reporting-Release-Notes-for-Version-4-x 20640 Maybe Security Update 7.0.316.12 https://nuance.my.site.com/NuanceHealthcareSupport/s/login/?ec=302&startURL=%2FNuanceHealthcareSupport%2Fs%2Farticle%2FPowerScribe-360-Reporting-Release-Notes-for-Version-4-x 20640 Release Notes Release Notes https://nuance.my.site.com/NuanceHealthcareSupport/s/login/?ec=302&startURL=%2FNuanceHealthcareSupport%2Fs%2Farticle%2FPowerScribe-360-Reporting-Release-Notes-for-Version-4-x 20641 Maybe Security Update 7.0.427.15 https://nuance.my.site.com/NuanceHealthcareSupport/s/login/?ec=302&startURL=%2FNuanceHealthcareSupport%2Fs%2Farticle%2FPowerScribe-360-Reporting-Release-Notes-for-Version-4-x 20641 Release Notes Release Notes https://nuance.my.site.com/NuanceHealthcareSupport/s/login/?ec=302&startURL=%2FNuanceHealthcareSupport%2Fs%2Farticle%2FPowerScribe-360-Reporting-Release-Notes-for-Version-4-x 20642 Maybe Security Update 7.0.528.24 https://nuance.my.site.com/NuanceHealthcareSupport/s/login/?ec=302&startURL=%2FNuanceHealthcareSupport%2Fs%2Farticle%2FPowerScribe-360-Reporting-Release-Notes-for-Version-4-x 20642 Release Notes Release Notes https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes 20643 Maybe Security Update 2019.1.96.6 https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes 20643 Release Notes Release Notes https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes 20644 Maybe Security Update 2019.2.9.11 https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes 20644 Release Notes Release Notes https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes 20645 Maybe Security Update 2019.3.16.21 https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes 20645 Release Notes Release Notes https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-360-Reporting-Release-Notes-for-Version-4-x 16745 Maybe Security Update 7.0.11.49 https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-360-Reporting-Release-Notes-for-Version-4-x 16745 Release Notes Release Notes https://nuance.my.site.com/NuanceHealthcareSupport/s/login/?ec=302&startURL=%2FNuanceHealthcareSupport%2Fs%2Farticle%2FPowerScribe-360-Reporting-Release-Notes-for-Version-4-x 20634 Maybe Security Update 7.0.111.68 https://nuance.my.site.com/NuanceHealthcareSupport/s/login/?ec=302&startURL=%2FNuanceHealthcareSupport%2Fs%2Farticle%2FPowerScribe-360-Reporting-Release-Notes-for-Version-4-x 20634 Release Notes Release Notes https://nuance.my.site.com/NuanceHealthcareSupport/s/login/?ec=302&startURL=%2FNuanceHealthcareSupport%2Fs%2Farticle%2FPowerScribe-360-Reporting-Release-Notes-for-Version-4-x 20635 Maybe Security Update 7.0.154.18 https://nuance.my.site.com/NuanceHealthcareSupport/s/login/?ec=302&startURL=%2FNuanceHealthcareSupport%2Fs%2Farticle%2FPowerScribe-360-Reporting-Release-Notes-for-Version-4-x 20635 Release Notes Release Notes https://nuance.my.site.com/NuanceHealthcareSupport/s/login/?ec=302&startURL=%2FNuanceHealthcareSupport%2Fs%2Farticle%2FPowerScribe-360-Reporting-Release-Notes-for-Version-4-x 20636 Security Update 7.0.197.10 https://nuance.my.site.com/NuanceHealthcareSupport/s/login/?ec=302&startURL=%2FNuanceHealthcareSupport%2Fs%2Farticle%2FPowerScribe-360-Reporting-Release-Notes-for-Version-4-x 20636 Release Notes Release Notes https://nuance.my.site.com/NuanceHealthcareSupport/s/login/?ec=302&startURL=%2FNuanceHealthcareSupport%2Fs%2Farticle%2FPowerScribe-360-Reporting-Release-Notes-for-Version-4-x 20637 Maybe Security Update 7.0.212.10 https://nuance.my.site.com/NuanceHealthcareSupport/s/login/?ec=302&startURL=%2FNuanceHealthcareSupport%2Fs%2Farticle%2FPowerScribe-360-Reporting-Release-Notes-for-Version-4-x 20637 Release Notes Release Notes https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes 20646 Maybe Security Update 2019.4.9.17 https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes 20646 Release Notes Release Notes https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes 20647 Maybe Security Update 2019.5.14.40 https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes 20647 Release Notes Release Notes https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes 20648 Maybe Security Update 2019.6.36.40 https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes 20648 Release Notes Release Notes https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes 20649 Maybe Security Update 2019.7.107.26 https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes 20649 Release Notes Release Notes https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes 20650 Maybe Security Update 2019.8.43.19 https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes 20650 Release Notes Release Notes https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes 20651 Maybe Security Update 2019.9.31.23 https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes 20651 Release Notes Release Notes https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes 20652 Maybe Security Update 2019.10.36.14 https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-2019-Release-Notes 20652 Release Notes Release Notes https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-Release-Notes 21376 Maybe Security Update 2023.2.3054 https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-Release-Notes 21376 Release Notes Release Notes https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-Release-Notes 21377 Maybe Security Update 2023.3.9072 https://nuance.my.site.com/NuanceHealthcareSupport/s/article/PowerScribe-One-Release-Notes 21377 Release Notes <a href="https://www.linkedin.com/in/victor-morales-b52a32b3/">V&#237;ctor A. Morales</a> with <a href="https://www.gmsectec.com/">GM Sectec, Corp.</a> <a href="https://www.linkedin.com/in/janrdrz/">Jan Rodr&#237;guez</a> with <a href="https://www.gmsectec.com/">GM Sectec, Corp.</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Chromium: CVE-2026-11012 Use after free in Serial <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11012 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:28 <p>Information published.</p> Chromium: CVE-2026-11029 Insufficient validation of untrusted input in Drag and Drop <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11029 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:47 <p>Information published.</p> Chromium: CVE-2026-11045 Insufficient validation of untrusted input in GPU <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11045 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:05 <p>Information published.</p> Chromium: CVE-2026-11065 Use after free in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11065 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:29 <p>Information published.</p> Chromium: CVE-2026-11072 Use after free in WebView <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11072 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:37 <p>Information published.</p> Chromium: CVE-2026-11080 Use after free in WebView <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11080 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:46 <p>Information published.</p> Chromium: CVE-2026-11082 Use after free in GPU <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11082 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:48 <p>Information published.</p> Chromium: CVE-2026-11108 Inappropriate implementation in NFC <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11108 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:16 <p>Information published.</p> Chromium: CVE-2026-11119 Insufficient validation of untrusted input in GPU <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11119 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:28 <p>Information published.</p> Chromium: CVE-2026-11131 Use after free in Autofill <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11131 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:41 <p>Information published.</p> Chromium: CVE-2026-11145 Race in Geolocation <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11145 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:57 <p>Information published.</p> Chromium: CVE-2026-11148 Inappropriate implementation in Payments <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11148 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:00 <p>Information published.</p> Chromium: CVE-2026-11175 Incorrect security UI in Messages <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11175 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:32 <p>Information published.</p> Chromium: CVE-2026-11188 Use after free in USB <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11188 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:46 <p>Information published.</p> Chromium: CVE-2026-11226 Insufficient policy enforcement in PreviewTab <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11226 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:28 <p>Information published.</p> Chromium: CVE-2026-11263 Insufficient policy enforcement in WebAuthentication <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11263 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:08 <p>Information published.</p> Chromium: CVE-2026-11287 Insufficient validation of untrusted input in Navigation <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11287 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:33 <p>Information published.</p> Chromium: CVE-2026-11295 Inappropriate implementation in WebView <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11295 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:42 <p>Information published.</p> Chromium: CVE-2026-12019 Out of bounds write  Codecs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/search/label/Desktop%20Update">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.69</td> <td>06/15/2026</td> <td>149.0.7827.115</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-12019 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.69 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T07:00:40 <p>Information published.</p> Chromium: CVE-2026-12016 Insufficient validation of untrusted input  DevTools <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/search/label/Desktop%20Update">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.69</td> <td>06/15/2026</td> <td>149.0.7827.115</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-12016 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.69 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T07:00:36 <p>Information published.</p> Chromium: CVE-2026-12015 Use after free  Autofill <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/search/label/Desktop%20Update">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.69</td> <td>06/15/2026</td> <td>149.0.7827.115</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-12015 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.69 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T07:00:35 <p>Information published.</p> Chromium: CVE-2026-11628 Use after free in Ozone <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11628 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:13:29 <p>Information published.</p> Chromium: CVE-2026-11629 Use after free in Ozone <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11629 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:13:31 <p>Information published.</p> Chromium: CVE-2026-11631 Use after free in Aura <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11631 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:13:34 <p>Information published.</p> Chromium: CVE-2026-11630 Use after free in File Input <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11630 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:13:33 <p>Information published.</p> Chromium: CVE-2026-11632 Use after free in TabStrip <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11632 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:13:35 <p>Information published.</p> Chromium: CVE-2026-11633 Use after free in Bluetooth <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11633 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:13:37 <p>Information published.</p> Chromium: CVE-2026-11634 Use after free in Gamepad <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11634 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:13:38 <p>Information published.</p> Chromium: CVE-2026-11635 Use after free in Bluetooth <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11635 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:13:40 <p>Information published.</p> Chromium: CVE-2026-11639 Use after free in Compositing <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11639 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:13:45 <p>Information published.</p> Chromium: CVE-2026-11637 Use after free in Views <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11637 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:13:42 <p>Information published.</p> Chromium: CVE-2026-11636 Use after free in Autofill <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11636 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:13:41 <p>Information published.</p> Chromium: CVE-2026-11638 Use after free in Printing <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11638 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:13:44 <p>Information published.</p> Chromium: CVE-2026-11641 Use after free in Bluetooth <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11641 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:13:48 <p>Information published.</p> Chromium: CVE-2026-11640 Integer overflow in libyuv <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11640 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:13:47 <p>Information published.</p> Chromium: CVE-2026-11642 Use after free in Web Apps <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11642 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:13:49 <p>Information published.</p> Chromium: CVE-2026-11645 Out of bounds memory access in V8 <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11645 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:13:53 <p>Information published.</p> Chromium: CVE-2026-11643 Use after free in Proxy <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11643 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:13:50 <p>Information published.</p> Chromium: CVE-2026-11644 Use after free in Views <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11644 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:13:52 <p>Information published.</p> Chromium: CVE-2026-11646 Use after free in ViewTransitions <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11646 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:13:54 <p>Information published.</p> Chromium: CVE-2026-11657 Use after free in Payments <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11658 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:10 <p>Information published.</p> Chromium: CVE-2026-11658 Insufficient validation of untrusted input in Extensions <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11659 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:12 <p>Information published.</p> Chromium: CVE-2026-11660 Insufficient validation of untrusted input in New Tab Page <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11661 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:15 <p>Information published.</p> Chromium: CVE-2026-11661 Use after free in Views <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11662 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:16 <p>Information published.</p> Chromium: CVE-2026-11659 Insufficient validation of untrusted input in UI <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11660 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:13 <p>Information published.</p> Chromium: CVE-2026-11663 Use after free in Skia <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11664 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:19 <p>Information published.</p> Chromium: CVE-2026-11662 Type Confusion in Bindings <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11663 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:18 <p>Information published.</p> Chromium: CVE-2026-11664 Use after free in Payments <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11665 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:20 <p>Information published.</p> Chromium: CVE-2026-11665 Out of bounds read in Dawn <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11666 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:22 <p>Information published.</p> Chromium: CVE-2026-11666 Insufficient validation of untrusted input in Input <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11667 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:23 <p>Information published.</p> Chromium: CVE-2026-11668 Uninitialized Use in Codecs <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11669 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:26 <p>Information published.</p> Chromium: CVE-2026-11669 Integer overflow in Media <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11670 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:27 <p>Information published.</p> Chromium: CVE-2026-11667 Out of bounds read in WebRTC <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11668 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:24 <p>Information published.</p> Chromium: CVE-2026-11670 Use after free in PDF <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11671 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:28 <p>Information published.</p> Chromium: CVE-2026-11671 Use after free in Navigation <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11672 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:30 <p>Information published.</p> Chromium: CVE-2026-11672 Out of bounds write in GPU <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11673 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:31 <p>Information published.</p> Chromium: CVE-2026-11673 Use after free in InterestGroups <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11674 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:32 <p>Information published.</p> Chromium: CVE-2026-11675 Insufficient validation of untrusted input in Skia <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11676 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:35 <p>Information published.</p> Chromium: CVE-2026-11674 Use after free in Guest View <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11675 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:34 <p>Information published.</p> Chromium: CVE-2026-11676 Insufficient validation of untrusted input in Dawn <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11677 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:36 <p>Information published.</p> Chromium: CVE-2026-11677 Race in Network <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11678 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:37 <p>Information published.</p> Chromium: CVE-2026-11678 Integer overflow in libyuv <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11679 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:39 <p>Information published.</p> Chromium: CVE-2026-11679 Use after free in Codecs <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11680 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:40 <p>Information published.</p> Chromium: CVE-2026-11681 Use after free in Ozone <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11682 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:43 <p>Information published.</p> Chromium: CVE-2026-11682 Insufficient validation of untrusted input in Views <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11683 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:44 <p>Information published.</p> Chromium: CVE-2026-11680 Use after free in Media <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11681 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:41 <p>Information published.</p> Chromium: CVE-2026-11683 Use after free in WebCodecs <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11684 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:45 <p>Information published.</p> Chromium: CVE-2026-11684 Insufficient policy enforcement in Network <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11685 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:46 <p>Information published.</p> Chromium: CVE-2026-11687 Use after free in Dawn <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11688 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:50 <p>Information published.</p> Chromium: CVE-2026-11686 Insufficient validation of untrusted input in Dawn <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11687 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:49 <p>Information published.</p> Chromium: CVE-2026-11688 Object lifecycle issue in SVG <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11689 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:52 <p>Information published.</p> Chromium: CVE-2026-11685 Insufficient data validation in MediaCapture <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11686 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:48 <p>Information published.</p> Chromium: CVE-2026-11689 Insufficient validation of untrusted input in Passwords <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11690 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:53 <p>Information published.</p> Chromium: CVE-2026-11690 Out of bounds read and write in Media <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11691 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:54 <p>Information published.</p> Chromium: CVE-2026-11691 Insufficient validation of untrusted input in New Tab Page <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11692 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:55 <p>Information published.</p> Chromium: CVE-2026-11692 Use after free in Read Anything <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11693 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:57 <p>Information published.</p> Chromium: CVE-2026-11693 Inappropriate implementation in Plugins <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11694 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:58 <p>Information published.</p> Chromium: CVE-2026-11694 Use after free in ServiceWorker <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11695 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:59 <p>Information published.</p> Chromium: CVE-2026-11695 Inappropriate implementation in Passwords <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11696 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:15:01 <p>Information published.</p> Chromium: CVE-2026-11696 Uninitialized Use in Video <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11697 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:15:02 <p>Information published.</p> Chromium: CVE-2026-11697 Insufficient validation of untrusted input in UI <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11698 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:15:03 <p>Information published.</p> Chromium: CVE-2026-11698 Use after free in Bluetooth <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11699 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:15:05 <p>Information published.</p> Chromium: CVE-2026-11699 Use after free in Bluetooth <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11700 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:15:06 <p>Information published.</p> Chromium: CVE-2026-11700 Use after free in Tracing <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11701 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:15:07 <p>Information published.</p> Microsoft SharePoint Server Spoofing Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p> <p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p> Microsoft Office SharePoint Microsoft Yes CVE-2026-33113 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 10950 11585 11961 Spoofing 10950 Spoofing 11585 Spoofing 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 10950 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11585 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11961 5002880 https://www.microsoft.com/en-us/download/details.aspx?id=108696 5002868 10950 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002880 10950 5002880 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability <p>Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker who is already signed in to the affected Microsoft Dynamics 365 (On‑Premises) system could send a specially crafted request to the vulnerable scenario‑switching page, which does not properly check permissions. By doing so, the attacker could improperly assign themselves the System Administrator role and gain full administrative control of the organization.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> Microsoft Dynamics 365 (on-premises) Microsoft Yes CVE-2026-40371 Improper Handling of Insufficient Permissions or Privileges 11921 Elevation of Privilege 11921 Important 11921 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11921 Release Notes https://www.microsoft.com/en-us/download/details.aspx?id=108666 11921 Maybe Security Update 9.1.0045.0011 https://support.microsoft.com/en-us/topic/service-update-1-45-for-microsoft-dynamics-crm-on-premises-9-1-63e24664-3193-4182-a110-934ee929ce93 11921 Release Notes Kentaro Kawane with <a href="https://gmo-cybersecurity.com/">GMO Cybersecurity by Ierae, Inc.</a> f7d8c52bec79e42795cf15888b85cbad 1.1 2026-06-10T07:00:00 <p>The release notes link has been updated to point to the latest available version. Informational change only.</p> 2.0 2026-06-16T07:00:00 <p>Updated the fixed version information and download link. The fix was previously believed to be included in Dynamics 365 Server (on-premises) version 6.2; however, it has been confirmed that the fix is included in Dynamics 365 Server v9.1 (on-premises) Update 1.45 (version 9.1.0045.0011). The download link, release notes, and build number has been updated accordingly in the Updates Table.</p> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Administrator Protection Secure Feature Bypass Vulnerability <p>Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>This vulnerability could bypass Windows Administrator Protection, a security feature designed to prevent applications running with standard user permissions from performing actions that require administrator access. Successful exploitation could allow an attacker to run code with administrator privileges without the normal security checks.</p> Windows Administrator Protection Microsoft Yes CVE-2026-42829 Improper Access Control 20437 20438 12389 12390 20853 20854 Security Feature Bypass 20437 Security Feature Bypass 20438 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 20853 Security Feature Bypass 20854 Important 20437 Important 20438 Important 12389 Important 12390 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 Antonio Cocomazzi with <a href="https://www.sentinelone.com/">SentinelOne</a> Simone Nicchi with <a href="https://www.sentinelone.com/">SentinelOne</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Teams for Android Information Disclosure Vulnerability <p>Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low (AC:L). What does that mean for this vulnerability?</strong></p> <p>The attack vector is Network (AV:N) because this vulnerability is remotely exploitable and can be exploited from the internet. The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Microsoft Teams for Android Microsoft Yes CVE-2026-42835 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') 12007 Information Disclosure 12007 Important 12007 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 12007 Release Notes https://play.google.com/store/apps/details?id=com.microsoft.teams 12007 Maybe Security Update 1.0.76.2026111302 https://play.google.com/store/apps/details?id=com.microsoft.teams 12007 Release Notes Ofek Levin Enclave with <a href="https://enclave.ai/">Enclave</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Visual Studio Code Elevation of Privilege Vulnerability <p>Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>A successful attacker could obtain the permissions associated with the MCP Server’s managed identity. This may allow the attacker to access or perform actions on any resources that the managed identity is authorized to reach. The attacker does not gain broader tenant‑level or administrator permissions; only those tied to the compromised managed identity.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> Visual Studio Code Microsoft Yes CVE-2026-40376 Improper Input Validation 11622 Elevation of Privilege 11622 Important 11622 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11622 Release Notes https://code.visualstudio.com/download 11622 Maybe Security Update 1.123.2 https://code.visualstudio.com/updates/ 11622 Release Notes Adrian Frei 1.1 2026-06-10T07:00:00 <p>Updated the Security Updates Build Number and Title as the Chat extention is now merged into Visual Studio Code</p> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Excel Information Disclosure Vulnerability <p>Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and some loss of integrity (I:L), but no loss of availability (A:N). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could view sensitive information, (Confidentiality), and make some changes to disclosed information (Integrity), but they would not be able to affect Availability.</p> Microsoft Office Excel Microsoft Yes CVE-2026-44822 Out-of-bounds Read 21368 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Information Disclosure 21368 Information Disclosure 10836 Information Disclosure 11573 Information Disclosure 11574 Information Disclosure 11762 Information Disclosure 11763 Information Disclosure 11951 Information Disclosure 11952 Information Disclosure 11953 Information Disclosure 12420 Information Disclosure 12421 Information Disclosure 12440 Information Disclosure 10739 Information Disclosure 10740 Important 21368 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 21368 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 10836 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 11573 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 11574 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 11762 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 11763 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 11951 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 11952 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 11953 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 12420 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 12421 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 12440 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 10739 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 10740 5002875 https://www.microsoft.com/en-us/download/details.aspx?id=108691 5002871 10836 Maybe Security Update 16.0.10417.20137 https://support.microsoft.com/help/5002875 10836 5002875 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002877 https://www.microsoft.com/en-us/download/details.aspx?id=108687 5002865 10739 10740 Maybe Security Update 16.0.5556.1001 https://support.microsoft.com/help/5002877 10739 10740 5002877 41ae55e9310ff27fa6f26af4727e5590 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft SharePoint Remote Code Execution Vulnerability <p>Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p> <p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p> Microsoft Office SharePoint Microsoft Yes CVE-2026-45454 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 10950 11585 11961 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10950 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11585 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11961 5002880 https://www.microsoft.com/en-us/download/details.aspx?id=108696 5002868 10950 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002880 10950 5002880 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 Butterfly 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Excel Information Disclosure Vulnerability <p>Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Excel Microsoft Yes CVE-2026-45455 Out-of-bounds Read 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 21368 Information Disclosure 10836 Information Disclosure 11573 Information Disclosure 11574 Information Disclosure 11762 Information Disclosure 11763 Information Disclosure 11951 Information Disclosure 11952 Information Disclosure 11953 Information Disclosure 12420 Information Disclosure 12421 Information Disclosure 12440 Information Disclosure 10739 Information Disclosure 10740 Information Disclosure 21368 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Important 21368 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10836 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11573 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11574 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11762 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11763 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11951 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11952 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11953 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12420 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12421 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12440 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10739 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10740 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 21368 5002875 https://www.microsoft.com/en-us/download/details.aspx?id=108691 5002871 10836 Maybe Security Update 16.0.10417.20137 https://support.microsoft.com/help/5002875 10836 5002875 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002877 https://www.microsoft.com/en-us/download/details.aspx?id=108687 5002865 10739 10740 Maybe Security Update 16.0.5556.1001 https://support.microsoft.com/help/5002877 10739 10740 5002877 tibeuchen 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Word Remote Code Execution Vulnerability <p>Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Microsoft Office Word Microsoft Yes CVE-2026-45457 Out-of-bounds Read 21368 11762 11763 11951 12440 Remote Code Execution 21368 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 12440 Important 21368 Important 11762 Important 11763 Important 11951 Important 12440 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 21368 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 Click to Run 11762 11763 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates 11762 11763 Click to Run 0ccbbf129444eb66344ccafb92b00df4 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Excel Security Feature Bypass Vulnerability <p>Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode.</p> <p><strong>Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Excel Microsoft Yes CVE-2026-45459 Protection Mechanism Failure 11762 11763 11951 12420 12421 12440 21368 Security Feature Bypass 11762 Security Feature Bypass 11763 Security Feature Bypass 11951 Security Feature Bypass 12420 Security Feature Bypass 12421 Security Feature Bypass 12440 Security Feature Bypass 21368 Important 11762 Important 11763 Important 11951 Important 12420 Important 12421 Important 12440 Important 21368 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11762 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11763 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11951 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12420 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12421 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12440 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 21368 Click to Run 11762 11763 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates 11762 11763 12420 12421 Click to Run Ron Ben Yizhak with <a href="https://www.safebreach.com/">SafeBreach</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Spoofing Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker must send the user a malicious link and convince the user to open it.</p> <p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p> <p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p> Microsoft Office SharePoint Microsoft Yes CVE-2026-45462 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 10950 11585 11961 Spoofing 10950 Spoofing 11585 Spoofing 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 10950 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11585 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11961 5002880 https://www.microsoft.com/en-us/download/details.aspx?id=108696 5002868 10950 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002880 10950 5002880 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 Kentaro Kawane with <a href="https://gmo-cybersecurity.com/">GMO Cybersecurity by Ierae, Inc.</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Office Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> <p><strong>Are the updates for the Microsoft Office for Android currently available?</strong></p> <p>The security update for Microsoft Office for Android is not immediately available. The update will be released as soon as possible. When it is available, customers will be notified via a revision to this CVE information.</p> Microsoft Office Microsoft Yes CVE-2026-45463 Integer Underflow (Wrap or Wraparound) Stack-based Buffer Overflow 21368 12155 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10753 10754 Remote Code Execution 21368 Remote Code Execution 12155 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10753 Remote Code Execution 10754 Critical 21368 Critical 12155 Critical 11573 Critical 11574 Critical 11762 Critical 11763 Critical 11951 Critical 11952 Critical 11953 Critical 12420 Critical 12421 Critical 12440 Critical 10753 Critical 10754 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 21368 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12155 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002878 https://www.microsoft.com/en-us/download/details.aspx?id=108688 5002866 10753 10754 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002878 10753 10754 5002878 <a href="https://linkedin.com/in/ghirmay">Ghirmay Desta</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Spoofing Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p> <p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p> <p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> Microsoft Office SharePoint Microsoft Yes CVE-2026-45464 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 10950 11585 11961 Spoofing 10950 Spoofing 11585 Spoofing 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 10950 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11585 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11961 5002880 https://www.microsoft.com/en-us/download/details.aspx?id=108696 5002868 10950 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002880 10950 5002880 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 41ae55e9310ff27fa6f26af4727e5590 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Spoofing Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.</p> <p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p> <p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> Microsoft Office SharePoint Microsoft Yes CVE-2026-45465 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 10950 11585 11961 Spoofing 10950 Spoofing 11585 Spoofing 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 10950 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11585 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11961 5002880 https://www.microsoft.com/en-us/download/details.aspx?id=108696 5002868 10950 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002880 10950 5002880 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 Kentaro Kawane with <a href="https://gmo-cybersecurity.com/">GMO Cybersecurity by Ierae, Inc.</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Azure Network Adapter Elevation of Privilege Vulnerability <p>Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally.</p> <p><strong>What do I have to do to protect myself from this vulnerability?</strong></p> <p>To help protect your systems from this vulnerability, update your <a href="https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=3985c9a56da4"> Linux kernel</a> to a version that includes the upstream fix for this issue. The fix has already been accepted upstream and will be included in newer kernel releases.</p> <p>If your environment uses a Linux distribution that has not yet incorporated the updated kernel version, you should monitor your distribution vendor’s security advisories and apply the appropriate security update as soon as it becomes available. Some distributions may release the fix immediately through security updates, while others may include it in a future kernel package or maintenance release.</p> <p>Organizations that maintain custom kernels or remain on older kernel branches may need to manually backport or apply the upstream patch according to their standard patch management and validation processes.</p> <p>As a general best practice, ensure systems are regularly updated with the latest security patches and kernel releases provided by your operating system vendor.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain ELEVATED privileges, which may allow them to perform actions beyond their original permissions.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker who already has control of the host environment could trigger a flaw in the guest driver that mishandles memory. This could allow the attacker to read sensitive information from the guest and potentially use that access to gain higher privileges within the guest system.</p> Linux MANA Driver Microsoft Yes CVE-2026-45476 Use After Free 21356 Elevation of Privilege 21356 Critical 21356 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 21356 Release Notes https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=3985c9a56da4 21356 No Security Update 7.1 https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=3985c9a56da4 21356 Release Notes Vincent Yin with Microsoft Jonathan Guerin with Microsoft 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability <p>Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>The authentication feature could be bypassed as this vulnerability allows impersonation.</p> GitHub Copilot and Visual Studio Code Microsoft Yes CVE-2026-45482 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 16782 Security Feature Bypass 16782 Important 16782 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16782 Release Notes https://code.visualstudio.com/download 16782 Maybe Security Update 1.123.2 https://code.visualstudio.com/updates/ 16782 Release Notes Daniel Weglowski 1.0 2026-06-09T07:00:00 <p>Information published.</p> 1.1 2026-06-10T07:00:00 <p>Updated the Security Updates Build Number and Title as the Chat extention is now merged into Visual Studio Code</p> Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability <p>Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Collaborative Translation Framework Microsoft Yes CVE-2026-45586 Improper Link Resolution Before File Access ('Link Following') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 Anonymous Anonymous 1.0 2026-06-09T07:00:00 <p>Information published.</p> ASP.NET Core Denial of Service Vulnerability <p>Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.</p> ASP.NET Core Microsoft Yes CVE-2026-45591 Uncontrolled Resource Consumption 21437 20837 20838 20932 20839 12256 12414 12415 12416 12433 12432 12434 12507 Denial of Service 21437 Denial of Service 20837 Denial of Service 20838 Denial of Service 20932 Denial of Service 20839 Denial of Service 12256 Denial of Service 12414 Denial of Service 12415 Denial of Service 12416 Denial of Service 12433 Denial of Service 12432 Denial of Service 12434 Denial of Service 12507 Important 21437 Important 20837 Important 20838 Important 20932 Important 20839 Important 12256 Important 12414 Important 12415 Important 12416 Important 12433 Important 12432 Important 12434 Important 12507 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 21437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20837 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20838 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20932 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20839 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12256 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12414 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12415 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12416 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12433 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12432 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12434 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12507 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2026 version 18.6 21437 Maybe Security Update 18.6.3 https://learn.microsoft.com/en-us/visualstudio/releases/2026/release-notes 21437 Release Notes 5097148 https://dotnet.microsoft.com/download/dotnet/10.0 20837 20838 20932 20839 Maybe Security Update 10.0.9 https://support.microsoft.com/help/5097148 20837 20838 20932 20839 5097148 5097149 https://dotnet.microsoft.com/download/dotnet/8.0 12256 12414 12415 12416 Maybe Security Update 8.0.28 https://support.microsoft.com/help/5097149 12256 12414 12415 12416 5097149 5097150 https://dotnet.microsoft.com/download/dotnet/9.0 12433 12432 12434 12507 Maybe Security Update 9.0.17 https://support.microsoft.com/help/5097150 12433 12432 12434 12507 5097150 Anonymous 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Internet (wininet.dll) Elevation of Privilege Vulnerability <p>Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Internet (wininet.dll) Microsoft Yes CVE-2026-45592 Integer Overflow or Wraparound Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 5094006 5082806 10483 10543 Yes IE Cumulative 1.000 https://support.microsoft.com/help/5094006 10483 10543 5094006 anonymous 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows SDK Elevation of Privilege Vulnerability <p>Use after free in Windows SDK allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could elevate from a low integrity level up to a medium integrity level.</p> Windows SDK Microsoft Yes CVE-2026-45593 Use After Free Integer Overflow or Wraparound 20854 20853 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 Elevation of Privilege 20854 Elevation of Privilege 20853 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20854 Important 20853 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20854 20853 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20854 20853 5095051 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 Anonymous 1.1 2026-06-09T07:00:00 <p>Updated an acknowledgement. This is an informational change only.</p> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Application Identity (AppID) Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain kernel memory content.</p> Windows Application Identity (AppID) Subsystem Microsoft Yes CVE-2026-45594 Exposure of Sensitive Information to an Unauthorized Actor 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 20437 Information Disclosure 20438 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 20853 Information Disclosure 20854 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20854 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 <a href="https://x.com/dark_puzzle">Souhail Hammou</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Managed Installer Information Disclosure Vulnerability <p>Out-of-bounds read in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain kernel memory content.</p> Windows Application Identity (AppID) Subsystem Microsoft Yes CVE-2026-45604 Out-of-bounds Read 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 Information Disclosure 12437 Information Disclosure 20437 Information Disclosure 20438 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 20853 Information Disclosure 20854 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20854 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 <a href="https://x.com/dark_puzzle">Souhail Hammou</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Mark of the Web Security Feature Bypass Vulnerability <p>Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of integrity (I:L) and some loss of availability (A:L). What does that mean for this vulnerability?</strong></p> <p>An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker could host a file on an attacker-controlled server, then convince a targeted user to download and open the file. This could allow the attacker to interfere with the Mark of the Web functionality.</p> <p>Please see <a href="https://learn.microsoft.com/en-us/deployoffice/security/internet-macros-blocked#additional-information-about-mark-of-the-web">Additional information about Mark of the Web</a> for further clarification</p> Windows Mark of the Web (MOTW) Microsoft Yes CVE-2026-45595 Protection Mechanism Failure 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 20437 Security Feature Bypass 20438 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 20853 Security Feature Bypass 20854 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11568 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11569 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11571 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11572 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11923 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11924 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11929 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11930 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11931 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12097 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12098 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12099 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12437 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 20437 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 20438 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12242 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12243 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12389 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12390 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12436 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 20853 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 20854 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10852 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10853 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10816 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10855 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10483 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <a href="https://www.linkedin.com/in/rflohil/">Rutger Flohil</a> with https://pampuna.nl/ <a href="https://www.linkedin.com/in/bobvanderstaak/">Bob van der Staak</a> with <a href="https://gripopsecurity.nl/">Grip op Security</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows UI Automation Manager (uiamanager.dll) Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in UI Automation Manager (uiamanager.dll) allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could elevate from a low integrity level up to a medium integrity level.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> UI Automation Manager (uiamanager.dll) Microsoft Yes CVE-2026-45597 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11923 11924 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Important 11923 Important 11924 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 Anonymous 1.1 2026-06-09T07:00:00 <p>Updated an acknowledgement. This is an informational change only.</p> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows UPnP Device Host Remote Code Execution Vulnerability <p>Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does this mean for this vulnerability?</strong></p> <p>An attacker would need specific conditions to be in place (i.e. particular protocol settings, or configurations, etc.) before an attack could succeed, which reduces the likelihood of widespread or opportunistic exploitation.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker could attempt to trigger the vulnerability by causing an error during the handling of specially crafted data, which may lead the affected component to incorrectly free memory it does not own. If successful, this could allow the attacker to run code in the context of the affected process.</p> Universal Plug and Play (upnp.dll) Microsoft Yes CVE-2026-45599 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 20853 Remote Code Execution 20854 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 AIフィジカルインターフェイス二号機 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability <p>Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Ancillary Function Driver for WinSock Microsoft Yes CVE-2026-45601 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability <p>Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Ancillary Function Driver for WinSock Microsoft Yes CVE-2026-45598 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows NTFS Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A user would need to mount a .vhd file to be compromised by the attacker.</p> Windows NTFS Microsoft Yes CVE-2026-45636 Heap-based Buffer Overflow Improper Input Validation 11924 11569 11929 11930 11568 11931 11923 11572 11571 12099 12098 12097 12437 20437 12242 12243 12390 12436 12389 20438 20853 20854 10816 10853 10852 10855 10483 10379 10543 10378 Remote Code Execution 11924 Remote Code Execution 11569 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11568 Remote Code Execution 11931 Remote Code Execution 11923 Remote Code Execution 11572 Remote Code Execution 11571 Remote Code Execution 12099 Remote Code Execution 12098 Remote Code Execution 12097 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 12389 Remote Code Execution 20438 Remote Code Execution 20853 Remote Code Execution 20854 Remote Code Execution 10816 Remote Code Execution 10853 Remote Code Execution 10852 Remote Code Execution 10855 Remote Code Execution 10483 Remote Code Execution 10379 Remote Code Execution 10543 Remote Code Execution 10378 Important 11924 Important 11569 Important 11929 Important 11930 Important 11568 Important 11931 Important 11923 Important 11572 Important 11571 Important 12099 Important 12098 Important 12097 Important 12437 Important 20437 Important 12242 Important 12243 Important 12390 Important 12436 Important 12389 Important 20438 Important 20853 Important 20854 Important 10816 Important 10853 Important 10852 Important 10855 Important 10483 Important 10379 Important 10543 Important 10378 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11924 11923 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11924 11923 5094128 5094128 https://support.microsoft.com/help/5094128 11924 11923 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11569 11568 11572 11571 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11569 11568 11572 11571 5094123 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12099 12098 12097 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12099 12098 12097 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12099 12098 12097 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12390 12389 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12390 12389 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10816 10853 10852 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10816 10853 10852 10855 5094122 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10379 10378 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10379 10378 5094042 Jianliang Zhao &amp; zhiniang Peng with HUST, R4nger with kunlun lab 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability <p>Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Ancillary Function Driver for WinSock Microsoft Yes CVE-2026-45596 Use After Free Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Kernel-Mode Driver Elevation of Privilege Vulnerability <p>Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel-Mode Drivers Microsoft Yes CVE-2026-45600 Access of Resource Using Incompatible Type ('Type Confusion') 12437 20437 20438 12389 12390 12436 20854 20853 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20854 Elevation of Privilege 20853 Important 12437 Important 20437 Important 20438 Important 12389 Important 12390 Important 12436 Important 20854 Important 20853 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20854 20853 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20854 20853 5095051 hazard 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability <p>No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated user could exploit this vulnerability by sending specially crafted network traffic to a server configured for use as a Dynamic Host Configuration Protocol (DHCP) Server.</p> Windows DHCP Server Microsoft Yes CVE-2026-45602 Acceptance of Extraneous Untrusted Data With Trusted Data 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Tampering 11568 Tampering 11569 Tampering 11571 Tampering 11572 Tampering 11923 Tampering 11924 Tampering 11929 Tampering 11930 Tampering 11931 Tampering 12097 Tampering 12098 Tampering 12099 Tampering 12437 Tampering 20437 Tampering 20438 Tampering 12242 Tampering 12243 Tampering 12389 Tampering 12390 Tampering 12436 Tampering 20853 Tampering 20854 Tampering 10852 Tampering 10853 Tampering 10816 Tampering 10855 Tampering 10378 Tampering 10379 Tampering 10483 Tampering 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11568 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11569 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11571 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11572 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11923 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11924 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12097 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12098 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12099 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12437 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20437 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20438 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12242 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12243 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12389 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12390 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12436 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20853 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20854 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10852 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10853 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10816 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10855 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10378 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10379 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10483 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 1.1 2026-06-16T07:00:00 <p>Updated CWE value. This is an informational change only.</p> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows UPnP Device Host Remote Code Execution Vulnerability <p>Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does this mean for this vulnerability?</strong></p> <p>An attacker would need specific conditions to be in place (i.e. particular protocol settings, or configurations, etc.) before an attack could succeed, which reduces the likelihood of widespread or opportunistic exploitation.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker could attempt to trigger the vulnerability by causing an error during the handling of specially crafted data, which may lead the affected component to incorrectly free memory it does not own. If successful, this could allow the attacker to run code in the context of the affected process.</p> Universal Plug and Play (upnp.dll) Microsoft Yes CVE-2026-45635 Access of Resource Using Incompatible Type ('Type Confusion') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 20853 Remote Code Execution 20854 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability <p>Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Ancillary Function Driver for WinSock Microsoft Yes CVE-2026-45638 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <a href="https://x.com/x0rb1ts">0rb1t</a> with <a href="http://www.0rb1t.top/">None</a> <a href="https://github.com/qanux">Qanux</a> with None <a href="https://x.com/x0rb1ts">0rb1t</a> wxz wisi 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability <p>Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Ancillary Function Driver for WinSock Microsoft Yes CVE-2026-45603 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft DWM Core Library Elevation of Privilege Vulnerability <p>Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows DWM Core Library Microsoft Yes CVE-2026-45637 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 Arjun Vasudeva with MSRC V&amp;M - Exploit Research Team 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows DHCP Client Information Disclosure Vulnerability <p>Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Successful exploitation could allow an attacker to read a limited amount of information from the affected system’s memory. This information would be restricted in scope and is not expected to expose large amounts of sensitive data.</p> <p><strong>According to the CVSS metrics, exploitation results in a small loss of confidentiality (C:L), no integrity impact (I:N), and high availability impact (A:H). What does this mean?</strong></p> <p>This means that an attacker could potentially see a small amount of information they should not have access to, but they cannot change data or system settings. The primary impact is that the affected service could stop working or crash, which may temporarily disrupt normal system operations.</p> Windows DHCP Client Microsoft Yes CVE-2026-45608 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 20437 Information Disclosure 20438 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 20853 Information Disclosure 20854 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 11568 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 11569 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 11571 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 11572 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 11923 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 11924 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 11929 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 11930 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 11931 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 12097 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 12098 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 12099 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 12437 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 20437 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 20438 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 12242 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 12243 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 12389 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 12390 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 12436 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 20853 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 20854 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 10852 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 10853 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 10816 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 10855 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 10378 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 10379 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 10483 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 Microsoft 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Live Share Canvas SDK Elevation of Privilege Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Live Share Canvas SDK allows an authorized attacker to elevate privileges over a network.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker must send the user a malicious link and convince the user to open it.</p> Microsoft Live Share Canvas SDK Microsoft Yes CVE-2026-45644 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 21373 Elevation of Privilege 21373 Important 21373 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 21373 Release Notes https://www.npmjs.com/package/@microsoft/live-share-canvas 21373 Maybe Security Update 1.4.2 https://www.npmjs.com/package/@microsoft/live-share-canvas 21373 Release Notes Jianyang Song 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p>Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Kernel Microsoft Yes CVE-2026-45653 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 Anil Chandra 1.0 2026-06-09T07:00:00 <p>Information published.</p> Secure Boot Security Feature Bypass Vulnerability <p>Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>A scope change means that successfully exploiting this vulnerability could allow an attacker to affect security protections beyond the original vulnerable component. In this case, the issue could enable a bypass of Secure Boot and exposure of Virtual Secure Mode (VSM) secrets, impacting a more highly protected security boundary rather than being limited to the initially affected boot component.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> Windows Secure Boot Microsoft Yes CVE-2026-45654 Improper Access Control 20853 20854 12437 20437 20438 12389 12390 12436 Security Feature Bypass 20853 Security Feature Bypass 20854 Security Feature Bypass 12437 Security Feature Bypass 20437 Security Feature Bypass 20438 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Important 20853 Important 20854 Important 12437 Important 20437 Important 20438 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20853 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20854 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12437 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20437 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20438 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12389 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12390 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12436 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 <a href="https://x.com/alon_leviev">Alon Leviev</a> with Microsoft (STORM) 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability <p>Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.</p> Microsoft Defender for Endpoint Microsoft Yes CVE-2026-45647 Time-of-check Time-of-use (TOCTOU) Race Condition 12014 Elevation of Privilege 12014 Important 12014 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12014 Release Notes 12014 No Security Update 101.26042.0011 https://learn.microsoft.com/en-us/defender-endpoint/mac-updates?view=o365-worldwide 12014 Release Notes <a href="https://www.linkedin.com/in/mihalis-h-551323164">Mihalis Haatainen</a> with <a href="https://bountyy.fi/">Bountyy Oy</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows BitLocker Security Feature Bypass Vulnerability <p>Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.</p> Windows BitLocker Microsoft Yes CVE-2026-45658 Improper Access Control 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 20437 Security Feature Bypass 20438 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 20853 Security Feature Bypass 20854 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 Niklas Tomsic with Cparta Cyber Defense 1.0 2026-06-09T07:00:00 <p>Information published.</p> Visual Studio Code Elevation of Privilege Vulnerability <p>Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This means that a successful attack is not limited to Visual Studio Code itself, but can also affect the user’s local system, including files and settings. As a result, the impact extends beyond the application to a different security boundary, increasing the overall severity of the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have be enticed to open a malicious .code-workspace file in vscode. Users should never open anything that they do not know or trust to be safe.</p> Visual Studio Code Microsoft Yes CVE-2026-47281 Missing Authorization Missing Authentication for Critical Function Use of Hard-coded Credentials 11622 Elevation of Privilege 11622 Important 11622 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 9.6 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11622 Release Notes https://code.visualstudio.com/download 11622 Maybe Security Update 1.123.2 https://code.visualstudio.com/updates/ 11622 Release Notes <a href="https://bsky.app/profile/evilpacket.net">Adam Baldwin</a> with https://evilpacket.net/ 1.0 2026-06-09T07:00:00 <p>Information published.</p> Visual Studio Code Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have be enticed to open a malicious file in vscode. Users should never open anything that they do not know or trust to be safe.</p> Visual Studio Code Microsoft Yes CVE-2026-47284 Exposure of Sensitive Information to an Unauthorized Actor 11622 Information Disclosure 11622 Important 11622 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11622 Release Notes https://code.visualstudio.com/download 11622 Maybe Security Update 1.123.2 https://code.visualstudio.com/updates/ 11622 Release Notes hamayanhamayan hamayanhamayan <a href="https://www.linkedin.com/in/abhishek-kushwaha-b04341194/">Abhishek Kushwaha</a> with <a href="https://www.zeta.tech/us/">Zeta</a> <a href="https://www.linkedin.com/in/abhishek-kushwaha-b04341194/">Abhishek Kushwaha</a> with <a href="https://www.zeta.tech/us/">Zeta</a> <a href="https://github.com/jeroengui">Jeroen Gui</a> <a href="https://github.com/jeroengui">Jeroen Gui</a> <a href="https://bsky.app/profile/evilpacket.net">Adam Baldwin</a> with https://evilpacket.net/ <a href="https://x.com/arshadkazmi42">Codermak</a> Anonymous <a href="https://www.linkedin.com/in/marcelkarlsson/">whoismarcel</a> Anonymous 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Office Click-To-Run Elevation of Privilege Vulnerability <p>Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Click-To-Run Microsoft Yes CVE-2026-47293 Use After Free 11573 11574 11762 11763 11952 11953 12420 12421 Elevation of Privilege 11573 Elevation of Privilege 11574 Elevation of Privilege 11762 Elevation of Privilege 11763 Elevation of Privilege 11952 Elevation of Privilege 11953 Elevation of Privilege 12420 Elevation of Privilege 12421 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 12420 Important 12421 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 0ccbbf129444eb66344ccafb92b00df4 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Hotpatch Monitoring Service Elevation of Privilege Vulnerability <p>Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Hotpatch Monitoring Service Microsoft Yes CVE-2026-42910 Out-of-bounds Write 12437 20437 20438 12389 12390 20853 20854 12436 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 20853 Elevation of Privilege 20854 Elevation of Privilege 12436 Important 12437 Important 20437 Important 20438 Important 12389 Important 12390 Important 20853 Important 20854 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 <a href="https://www.linkedin.com/in/dongjun-lee-a1505b1b1/">Dongjun Lee</a> with <a href="https://kaist-hacking.github.io/">KAIST Hacking Lab</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Spoofing Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.</p> <p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p> <p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker must send the user a malicious link and convince the user to open it.</p> Microsoft Office SharePoint Microsoft Yes CVE-2026-47634 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') 11585 11961 Spoofing 11585 Spoofing 11961 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11585 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11961 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 Jos&#233; Pedro Pereira Junior 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Spoofing Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker must send the user a malicious link and convince the user to open it.</p> <p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p> <p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p> Microsoft Office SharePoint Microsoft Yes CVE-2026-47640 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 10950 11585 11961 Spoofing 10950 Spoofing 11585 Spoofing 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 10950 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11585 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11961 5002880 https://www.microsoft.com/en-us/download/details.aspx?id=108696 5002868 10950 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002880 10950 5002880 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 41ae55e9310ff27fa6f26af4727e5590 1.0 2026-06-09T07:00:00 <p>Information published.</p> Azure Stack Edge Remote Code Execution Vulnerability <p>External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could send a specially crafted file upload request that includes a manipulated file name or path. Because the application does not properly restrict or validate this input, the attacker could cause the file to be written outside the intended folder, potentially overwriting or creating files in other locations on the system.</p> Azure Stack Edge Microsoft Yes CVE-2026-47643 External Control of File Name or Path 12093 Remote Code Execution 12093 Important 12093 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12093 Release Notes https://catalog.s.download.windowsupdate.com/d/msdownload/update/software/updt/2026/05/release~ase-2605b.3.3.2604.3097-362231-164445779-r_gateway_servercore_host_b_softwareupdatepackage.0_7d13687cd3d939380ee04cbfe1e68e268f41fd38.exe 12093 No Security Update 3.3.2604.3097 https://learn.microsoft.com/en-us/azure/databox-online/azure-stack-edge-gpu-2604-release-notes 12093 Release Notes <a href="https://www.linkedin.com/in/hay-mizrachi/">Hay Mizrachi</a> with <a href="https://microsoft.com/">Microsoft</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Spoofing Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.</p> <p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p> <p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker must send the user a malicious link and convince the user to open it.</p> Microsoft Office SharePoint Microsoft Yes CVE-2026-45481 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 10950 11585 11961 Spoofing 10950 Spoofing 11585 Spoofing 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10950 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11585 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11961 5002880 https://www.microsoft.com/en-us/download/details.aspx?id=108696 5002868 10950 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002880 10950 5002880 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 P1hcn 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft SharePoint Elevation of Privilege Vulnerability <p>Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An authenticated attacker with access to the domain could perform remote code execution on the SharePoint server to elevate themselves to SharePoint admin.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> <p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p> <p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p> Microsoft Office SharePoint Microsoft Yes CVE-2026-45484 Deserialization of Untrusted Data 10950 11585 11961 Elevation of Privilege 10950 Elevation of Privilege 11585 Elevation of Privilege 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 5002880 https://www.microsoft.com/en-us/download/details.aspx?id=108696 5002868 10950 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002880 10950 5002880 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 Kentaro Kawane with <a href="https://gmo-cybersecurity.com/">GMO Cybersecurity by Ierae, Inc.</a> hamayanhamayan hamayanhamayan 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Boot Manager Security Feature Bypass Vulnerability <p>Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>A scope change means that successfully exploiting this vulnerability could allow an attacker to affect security protections beyond the original vulnerable component. In this case, the issue could enable a bypass of Secure Boot and exposure of Virtual Secure Mode (VSM) secrets, impacting a more highly protected security boundary rather than being limited to the initially affected boot component.</p> Windows Boot Manager Microsoft Yes CVE-2026-47656 Protection Mechanism Failure 11571 11572 11923 11569 11568 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12390 12389 12436 20853 20854 10852 10816 10855 10853 10379 10543 10378 10483 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11569 Security Feature Bypass 11568 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 20437 Security Feature Bypass 20438 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12390 Security Feature Bypass 12389 Security Feature Bypass 12436 Security Feature Bypass 20853 Security Feature Bypass 20854 Security Feature Bypass 10852 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10853 Security Feature Bypass 10379 Security Feature Bypass 10543 Security Feature Bypass 10378 Security Feature Bypass 10483 Important 11571 Important 11572 Important 11923 Important 11569 Important 11568 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12390 Important 12389 Important 12436 Important 20853 Important 20854 Important 10852 Important 10816 Important 10855 Important 10853 Important 10379 Important 10543 Important 10378 Important 10483 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11571 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11572 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11923 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11569 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11568 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11924 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12097 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12098 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12099 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12437 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20437 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20438 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12242 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12243 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12390 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12389 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12436 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20853 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 20854 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10852 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10816 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10855 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10853 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10379 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10543 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10378 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 10483 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11571 11572 11569 11568 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11571 11572 11569 11568 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12390 12389 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12390 12389 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10816 10855 10853 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10816 10855 10853 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10379 10378 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10379 10378 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10543 10483 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10543 10483 5094041 Microsoft 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Spoofing Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p> <p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p> <p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p> Microsoft Office SharePoint Microsoft Yes CVE-2026-48560 Deserialization of Untrusted Data 10950 11585 11961 Spoofing 10950 Spoofing 11585 Spoofing 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 10950 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11585 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11961 5002880 https://www.microsoft.com/en-us/download/details.aspx?id=108696 5002868 10950 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002880 10950 5002880 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 Oleksandr Mirosh Oleksandr Mirosh 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Spoofing Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker with privileges could send controlled inputs to exploit this vulnerability.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p> <p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p> <p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p> Microsoft Office SharePoint Microsoft Yes CVE-2026-48562 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 10950 11585 11961 Spoofing 10950 Spoofing 11585 Spoofing 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 10950 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11585 4.6 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11961 5002880 https://www.microsoft.com/en-us/download/details.aspx?id=108696 5002868 10950 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002880 10950 5002880 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Narrator Braille Elevation of Privilege Vulnerability <p>Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>How do I protect myself from this vulnerablity?</strong></p> <p>Microsoft recommends installing the latest BRLTTY feature update to help protect systems from this vulnerability. Customers can download and install BRLTTY through Windows Accessibility settings by navigating to:</p> <p>Settings → Accessibility → Narrator → Use Braille display → Download BRLTTY</p> <p>Once installed, ensure the latest available update is applied to receive the security fix and associated protections.</p> Windows Narrator Braille Microsoft Yes CVE-2026-48565 Untrusted Search Path 21438 Elevation of Privilege 21438 Important 21438 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 21438 Zeeshan Shaikh (@bugzzzhunter) working with <a href="https://www.zerodayinitiative.com/">TrendAI Zero Day Initiative</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Visual Studio Code Security Feature Bypass Vulnerability <p>Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.</p> Visual Studio Code Microsoft Yes CVE-2026-48569 Improper Input Validation Relative Path Traversal 11622 Security Feature Bypass 11622 Important 11622 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11622 Release Notes https://code.visualstudio.com/download 11622 Maybe Security Update 1.123.2 https://code.visualstudio.com/updates/ 11622 Release Notes Anonymous 1.1 2026-06-10T07:00:00 <p>Updated the Security Updates Build Number and Title as the Chat extention is now merged into Visual Studio Code</p> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Media Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Windows Media Microsoft Yes CVE-2026-48574 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 20853 Remote Code Execution 20854 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 20437 Critical 20438 Critical 12242 Critical 12243 Critical 12389 Critical 12390 Critical 12436 Critical 20853 Critical 20854 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 cyanbamboo and b2ahex Anonymous <a href="https://x.com/hareh4ru">Kyeongmin Kim (@hareh4ru)</a> with <a href="https://kaist-hacking.github.io/">KAIST Hacking Lab</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> HTTP.sys Denial of Service Vulnerability <p>Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.</p> <p><strong>What actions should I take to help protect my devices from this vulnerability?</strong></p> <p>Install the June 2026 Windows security updates listed in the Security Updates table. These updates enable the protections Microsoft released for this CVE.</p> <p>As part of these updates, Microsoft also introduced a new <strong>MaxHeadersCount</strong> registry setting. This setting allows you to limit the number of headers included in HTTP/2 and HTTP/3 requests that are accepted by the HTTP server. For more information, see <a href="https://support.microsoft.com/en-us/topic/084da156-7a99-4abf-b759-f973c35eded3">KB5102602</a>.</p> HTTP/2 Microsoft Yes CVE-2026-49160 Uncontrolled Resource Consumption 11572 11568 11929 11930 11931 11924 12097 12098 12437 12099 20437 20438 12242 12243 12389 12390 20853 20854 12436 10852 10853 10816 10855 11569 11923 11571 Denial of Service 11572 Denial of Service 11568 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 11924 Denial of Service 12097 Denial of Service 12098 Denial of Service 12437 Denial of Service 12099 Denial of Service 20437 Denial of Service 20438 Denial of Service 12242 Denial of Service 12243 Denial of Service 12389 Denial of Service 12390 Denial of Service 20853 Denial of Service 20854 Denial of Service 12436 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 11569 Denial of Service 11923 Denial of Service 11571 Important 11572 Important 11568 Important 11929 Important 11930 Important 11931 Important 11924 Important 12097 Important 12098 Important 12437 Important 12099 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 20853 Important 20854 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Important 11569 Important 11923 Important 11571 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20438 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20854 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11572 11568 11569 11571 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11572 11568 11569 11571 5094123 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11924 11923 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11924 11923 5094128 5094128 https://support.microsoft.com/help/5094128 11924 11923 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 Quang Luong of Calif.io in collaboration with Codex with <a href="https://www.calif.io/">Calif.io</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Chromium: CVE-2026-10882 Use after free in Network <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10882 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:00 <p>Information published.</p> Chromium: CVE-2026-10886 Use after free in FileSystem <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10886 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:04 <p>Information published.</p> Chromium: CVE-2026-10891 Use after free in GFX <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10891 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:10 <p>Information published.</p> Chromium: CVE-2026-10893 Use after free in Chromoting <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10893 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:12 <p>Information published.</p> Chromium: CVE-2026-10894 Use after free in Printing <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10894 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:14 <p>Information published.</p> Chromium: CVE-2026-10901 Use after free in Passwords <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10901 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:21 <p>Information published.</p> Chromium: CVE-2026-10902 Use after free in Ozone <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10902 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:22 <p>Information published.</p> Chromium: CVE-2026-10904 Inappropriate implementation in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10904 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:25 <p>Information published.</p> Chromium: CVE-2026-10905 Use after free in Network <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10905 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:26 <p>Information published.</p> Chromium: CVE-2026-10906 Use after free in WebAuthentication <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10906 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:27 <p>Information published.</p> Chromium: CVE-2026-10907 Out of bounds write in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10907 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:29 <p>Information published.</p> Chromium: CVE-2026-10913 Use after free in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10913 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:36 <p>Information published.</p> Chromium: CVE-2026-10917 Insufficient validation of untrusted input in Media <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10917 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:40 <p>Information published.</p> Chromium: CVE-2026-10920 Insufficient validation of untrusted input in WebShare <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10920 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:43 <p>Information published.</p> Chromium: CVE-2026-10926 Use after free in Cast <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10926 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:50 <p>Information published.</p> Chromium: CVE-2026-10930 Out of bounds read in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10930 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:54 <p>Information published.</p> Chromium: CVE-2026-10937 Inappropriate implementation in Passwords <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10937 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:03 <p>Information published.</p> Chromium: CVE-2026-10938 Insufficient validation of untrusted input in Input <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10938 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:04 <p>Information published.</p> Chromium: CVE-2026-10945 Use after free in PDF <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10945 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:12 <p>Information published.</p> Chromium: CVE-2026-10948 Use after free in WebRTC <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10948 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:16 <p>Information published.</p> Chromium: CVE-2026-10955 Type Confusion in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10955 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:25 <p>Information published.</p> Chromium: CVE-2026-10963 Integer overflow in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10963 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:34 <p>Information published.</p> Chromium: CVE-2026-10968 Insufficient validation of untrusted input in Dawn <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10968 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:39 <p>Information published.</p> Chromium: CVE-2026-10979 Out of bounds read in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10979 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:51 <p>Information published.</p> Chromium: CVE-2026-10980 Insufficient validation of untrusted input in DevTools <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10980 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:52 <p>Information published.</p> Chromium: CVE-2026-10985 Out of bounds read in Skia <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10985 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:58 <p>Information published.</p> Chromium: CVE-2026-10986 Integer overflow in Media <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10986 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:59 <p>Information published.</p> Chromium: CVE-2026-10987 Integer overflow in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10987 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:00 <p>Information published.</p> Chromium: CVE-2026-10988 Use after free in Views <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10988 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:01 <p>Information published.</p> Chromium: CVE-2026-10999 Out of bounds memory access in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10999 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:13 <p>Information published.</p> Chromium: CVE-2026-11001 Incorrect security UI in Payments <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11001 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:15 <p>Information published.</p> Chromium: CVE-2026-11002 Use after free in Autofill <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11002 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:16 <p>Information published.</p> Chromium: CVE-2026-11003 Use after free in WebRTC <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11003 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:17 <p>Information published.</p> Chromium: CVE-2026-11004 Out of bounds read in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11004 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:18 <p>Information published.</p> Chromium: CVE-2026-11005 Out of bounds read in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11005 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:20 <p>Information published.</p> Chromium: CVE-2026-11011 Insufficient policy enforcement in Password Manager <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11011 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:27 <p>Information published.</p> Chromium: CVE-2026-11014 Insufficient policy enforcement in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11014 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:30 <p>Information published.</p> Chromium: CVE-2026-11017 Inappropriate implementation in Link Preview <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11017 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:34 <p>Information published.</p> Chromium: CVE-2026-11018 Insufficient policy enforcement in Actor <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11018 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:35 <p>Information published.</p> Chromium: CVE-2026-11023 Insufficient validation of untrusted input in WebAppInstalls <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11023 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:40 <p>Information published.</p> Chromium: CVE-2026-11025 Insufficient policy enforcement in Navigation <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11025 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:43 <p>Information published.</p> Chromium: CVE-2026-11026 Insufficient policy enforcement in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11026 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:44 <p>Information published.</p> Chromium: CVE-2026-11027 Insufficient validation of untrusted input in Glic <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11027 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:45 <p>Information published.</p> Chromium: CVE-2026-11030 Use after free in Network <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11030 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:48 <p>Information published.</p> Chromium: CVE-2026-11031 Insufficient validation of untrusted input in Password Manager <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11031 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:50 <p>Information published.</p> Chromium: CVE-2026-11032 Insufficient data validation in Password Manager <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11032 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:51 <p>Information published.</p> Chromium: CVE-2026-11039 Uninitialized Use in Skia <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11039 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:59 <p>Information published.</p> Chromium: CVE-2026-11042 Use after free in Views <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11042 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:02 <p>Information published.</p> Chromium: CVE-2026-11043 Out of bounds write in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11043 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:03 <p>Information published.</p> Chromium: CVE-2026-11054 Use after free in WebRTC <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11054 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:16 <p>Information published.</p> Chromium: CVE-2026-11062 Insufficient policy enforcement in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11062 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:25 <p>Information published.</p> Chromium: CVE-2026-11063 Insufficient validation of untrusted input in WebNN <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11063 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:26 <p>Information published.</p> Chromium: CVE-2026-11066 Insufficient validation of untrusted input in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11066 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:30 <p>Information published.</p> Chromium: CVE-2026-11068 Use after free in WebSockets <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11068 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:33 <p>Information published.</p> Chromium: CVE-2026-11070 Insufficient validation of untrusted input in Chromoting <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11070 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:35 <p>Information published.</p> Chromium: CVE-2026-11071 Use after free in Base <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11071 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:36 <p>Information published.</p> Chromium: CVE-2026-11073 Use after free in WebGL <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11073 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:38 <p>Information published.</p> Chromium: CVE-2026-11083 Inappropriate implementation in Password Manager <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11083 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:49 <p>Information published.</p> Chromium: CVE-2026-11085 Integer overflow in GPU <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11085 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:51 <p>Information published.</p> Chromium: CVE-2026-11091 Inappropriate implementation in Dawn <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11091 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:58 <p>Information published.</p> Chromium: CVE-2026-11092 Insufficient policy enforcement in DevTools <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11092 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:59 <p>Information published.</p> Chromium: CVE-2026-11094 Use after free in Codecs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11094 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:01 <p>Information published.</p> Chromium: CVE-2026-11104 Uninitialized Use in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11104 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:12 <p>Information published.</p> Chromium: CVE-2026-11110 Uninitialized Use in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11110 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:18 <p>Information published.</p> Chromium: CVE-2026-11112 Insufficient validation of untrusted input in Chromoting <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11112 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:21 <p>Information published.</p> Chromium: CVE-2026-11115 Use after free in Updater <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11115 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:24 <p>Information published.</p> Chromium: CVE-2026-11116 Use after free in Chromoting <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11116 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:25 <p>Information published.</p> Chromium: CVE-2026-11117 Use after free in Views <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11117 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:26 <p>Information published.</p> Chromium: CVE-2026-11118 Use after free in WebRTC <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11118 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:27 <p>Information published.</p> Chromium: CVE-2026-11120 Insufficient validation of untrusted input in Enterprise Reporting <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11120 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:29 <p>Information published.</p> Chromium: CVE-2026-11121 Insufficient validation of untrusted input in Skia <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11121 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:30 <p>Information published.</p> Chromium: CVE-2026-11124 Heap buffer overflow in Skia <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11124 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:33 <p>Information published.</p> Chromium: CVE-2026-11275 Insufficient policy enforcement in Page Info <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11275 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:21 <p>Information published.</p> Chromium: CVE-2026-11276 Inappropriate implementation in Cast <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11276 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:22 <p>Information published.</p> Chromium: CVE-2026-11283 Policy bypass in Shortcuts <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11283 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:29 <p>Information published.</p> Chromium: CVE-2026-11284 Side-channel information leakage in PerformanceAPIs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11284 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:30 <p>Information published.</p> Chromium: CVE-2026-11282 Policy bypass in Sandbox <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11282 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:28 <p>Information published.</p> Chromium: CVE-2026-11281 Integer overflow in Chromoting <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11281 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:27 <p>Information published.</p> Chromium: CVE-2026-11279 Out of bounds read in DevTools <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11279 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:25 <p>Information published.</p> Chromium: CVE-2026-11286 Insufficient validation of untrusted input in Wallet <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11286 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:32 <p>Information published.</p> Chromium: CVE-2026-11288 Policy bypass in CSS <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11288 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:34 <p>Information published.</p> Chromium: CVE-2026-11292 Policy bypass in Blink <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11292 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:39 <p>Information published.</p> Chromium: CVE-2026-11289 Side-channel information leakage in Paint <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11289 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:35 <p>Information published.</p> Chromium: CVE-2026-11294 Inappropriate implementation in Passwords <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11294 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:41 <p>Information published.</p> Chromium: CVE-2026-11293 Use after free in Input <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11293 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:40 <p>Information published.</p> Chromium: CVE-2026-11296 Inappropriate implementation in ImageCapture <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11296 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:43 <p>Information published.</p> Chromium: CVE-2026-11299 Out of bounds read in Fonts <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11299 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:46 <p>Information published.</p> Chromium: CVE-2026-11300 Inappropriate implementation in Permissions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11300 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:47 <p>Information published.</p> Chromium: CVE-2026-11301 Out of bounds read in LiveCaption <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11301 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:48 <p>Information published.</p> Chromium: CVE-2026-11303 Use after free in PDFium <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11303 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:51 <p>Information published.</p> Chromium: CVE-2026-11304 Use after free in PDFium <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11304 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:52 <p>Information published.</p> Chromium: CVE-2026-11305 Use after free in PDFium <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11305 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:53 <p>Information published.</p> Chromium: CVE-2026-11306 Use after free in PDFium <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11306 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:55 <p>Information published.</p> Chromium: CVE-2026-11309 Insufficient policy enforcement in History <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11309 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:57 <p>Information published.</p> Chromium: CVE-2026-11308 Inappropriate implementation in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11308 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:57 <p>Information published.</p> Chromium: CVE-2026-11307 Use after free in PDFium <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.52</td> <td>06/05/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11307 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-05T07:00:55 <p>Information published.</p> Windows BitLocker Security Feature Bypass Vulnerability <p>Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.</p> Windows BitLocker Microsoft Yes CVE-2026-50507 Missing Authentication for Critical Function 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 20437 Security Feature Bypass 20438 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 20853 Security Feature Bypass 20854 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely 6.8 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 6.8 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 6.8 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 6.8 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 6.8 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11923 6.8 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11924 6.8 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11929 6.8 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11930 6.8 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11931 6.8 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12097 6.8 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12098 6.8 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12099 6.8 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12437 6.8 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 20437 6.8 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 20438 6.8 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12242 6.8 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12243 6.8 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12389 6.8 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12390 6.8 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12436 6.8 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 20853 6.8 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 20854 6.8 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 6.8 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 6.8 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 6.8 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 6.8 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 6.8 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12437 12389 12390 12436 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12437 12389 12390 12436 5094126 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 Anonymous 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft PC Manager Elevation of Privilege Vulnerability <p>Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>The attacker would gain the rights of the user that is running the affected application.</p> Microsoft PC Manager Microsoft Yes CVE-2026-50511 Improper Link Resolution Before File Access ('Link Following') 12441 Elevation of Privilege 12441 Important 12441 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12441 Release Notes https://apps.microsoft.com/detail/9pm860492szd?hl=en-us&gl=US 12441 Maybe Security Update 3.21.6.0 https://apps.microsoft.com/detail/9pm860492szd?hl=en-us&gl=US 12441 Release Notes <a href="https://bird.vin/">Xin Liu</a> with <a href="https://xxxy.lzu.edu.cn/">N05ec@LZU-DSLab</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft PC Manager Elevation of Privilege Vulnerability <p>Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>The attacker would gain the rights of the user that is running the affected application.</p> Microsoft PC Manager Microsoft Yes CVE-2026-50512 Missing Authentication for Critical Function 12441 Elevation of Privilege 12441 Important 12441 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12441 Release Notes https://apps.microsoft.com/detail/9pm860492szd?hl=en-us&gl=US 12441 Maybe Security Update 3.21.6.0 https://apps.microsoft.com/detail/9pm860492szd?hl=en-us&gl=US 12441 Release Notes <a href="https://bird.vin/">Xin Liu</a> with <a href="https://xxxy.lzu.edu.cn/">N05ec@LZU-DSLab</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Chromium: CVE-2026-11297 Insufficient validation of untrusted input in Reader Mode <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11297 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:44 <p>Information published.</p> Chromium: CVE-2026-10883 Out of bounds write in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10883 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:01 <p>Information published.</p> Chromium: CVE-2026-10892 Out of bounds write in GPU <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10892 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:11 <p>Information published.</p> Chromium: CVE-2026-10923 Use after free in WebAppInstalls <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10923 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:46 <p>Information published.</p> Chromium: CVE-2026-10929 Heap buffer overflow in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10929 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:53 <p>Information published.</p> Chromium: CVE-2026-10934 Use after free in Autofill <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10934 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:59 <p>Information published.</p> Chromium: CVE-2026-10953 Use after free in Core <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10953 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:22 <p>Information published.</p> Chromium: CVE-2026-10959 Use after free in Input <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10959 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:30 <p>Information published.</p> Chromium: CVE-2026-10967 Use after free in SurfaceCapture <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-10967 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:38 <p>Information published.</p> Chromium: CVE-2026-11007 Insufficient validation of untrusted input in WebView <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11007 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:22 <p>Information published.</p> Chromium: CVE-2026-11010 Use after free in WebShare <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11010 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:25 <p>Information published.</p> Chromium: CVE-2026-11019 Inappropriate implementation in Payments <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11019 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:36 <p>Information published.</p> Chromium: CVE-2026-11034 Insufficient validation of untrusted input in Tab Group Sync <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11034 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:53 <p>Information published.</p> Chromium: CVE-2026-11064 Uninitialized Use in GPU <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11064 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:28 <p>Information published.</p> Chromium: CVE-2026-11077 Out of bounds read in Dawn <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11077 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:42 <p>Information published.</p> Chromium: CVE-2026-11127 Inappropriate implementation in WebAPKs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11127 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:36 <p>Information published.</p> Chromium: CVE-2026-11163 Use after free in Messages <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11163 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:18 <p>Information published.</p> Chromium: CVE-2026-11167 Inappropriate implementation in WebView <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11167 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:23 <p>Information published.</p> Chromium: CVE-2026-11172 Incorrect security UI in Contact Picker <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11172 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:29 <p>Information published.</p> Chromium: CVE-2026-11215 Inappropriate implementation in Cronet <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11215 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:16 <p>Information published.</p> Chromium: CVE-2026-11247 Insufficient policy enforcement in CustomTabs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11247 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:50 <p>Information published.</p> Chromium: CVE-2026-11270 Inappropriate implementation in UI <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11270 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:16 <p>Information published.</p> Chromium: CVE-2026-11278 Inappropriate implementation in CustomTabs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11278 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:24 <p>Information published.</p> Chromium: CVE-2026-11290 Integer overflow in WebView <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11290 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:36 <p>Information published.</p> Chromium: CVE-2026-11035 Insufficient validation of untrusted input in Custom Tabs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11035 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:54 <p>Information published.</p> Chromium: CVE-2026-11097 Inappropriate implementation in WebView <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.53</td> <td>06/09/2026</td> <td>149.0.7827.54</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11097 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-09T07:00:04 <p>Information published.</p> Chromium: CVE-2026-12018 Inappropriate implementation  Mojo <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/search/label/Desktop%20Update">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.69</td> <td>06/15/2026</td> <td>149.0.7827.115</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-12018 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.69 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T07:00:38 <p>Information published.</p> Chromium: CVE-2026-12007 Use after free  Core <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/search/label/Desktop%20Update">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.69</td> <td>06/15/2026</td> <td>149.0.7827.115</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-12007 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.69 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T07:00:24 <p>Information published.</p> Chromium: CVE-2026-12017 Insufficient validation of untrusted input  Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/search/label/Desktop%20Update">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.69</td> <td>06/15/2026</td> <td>149.0.7827.115</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-12017 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.69 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T07:00:37 <p>Information published.</p> Chromium: CVE-2026-12014 Use after free  Cast <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/search/label/Desktop%20Update">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.69</td> <td>06/15/2026</td> <td>149.0.7827.115</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-12014 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.69 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T07:00:33 <p>Information published.</p> Chromium: CVE-2026-12013 Use after free  Media <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/search/label/Desktop%20Update">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.69</td> <td>06/15/2026</td> <td>149.0.7827.115</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-12013 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.69 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T07:00:32 <p>Information published.</p> Chromium: CVE-2026-12010 Heap buffer overflow  GPU <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/search/label/Desktop%20Update">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.69</td> <td>06/15/2026</td> <td>149.0.7827.115</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-12010 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.69 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T07:00:29 <p>Information published.</p> Chromium: CVE-2026-12009 Insufficient validation of untrusted input  Accessibility <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/search/label/Desktop%20Update">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.69</td> <td>06/15/2026</td> <td>149.0.7827.115</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-12009 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.69 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T07:00:27 <p>Information published.</p> Chromium: CVE-2026-11647 Use after free in Printing <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11648 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:13:56 <p>Information published.</p> Chromium: CVE-2026-11648 Use after free in FullScreen <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11649 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:13:57 <p>Information published.</p> Chromium: CVE-2026-11651 Use after free in Network <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11652 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:01 <p>Information published.</p> Chromium: CVE-2026-11649 Use after free in V8 <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11650 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:13:58 <p>Information published.</p> Chromium: CVE-2026-11652 Use after free in Extensions <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11653 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:03 <p>Information published.</p> Chromium: CVE-2026-11650 Use after free in V8 <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11651 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:00 <p>Information published.</p> Chromium: CVE-2026-11653 Insufficient validation of untrusted input in Extensions <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11654 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:04 <p>Information published.</p> Chromium: CVE-2026-11654 Use after free in CameraCapture <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11655 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:06 <p>Information published.</p> Chromium: CVE-2026-11656 Use after free in ServiceWorker <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11657 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:09 <p>Information published.</p> Chromium: CVE-2026-11655 Integer overflow in Media <p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.62</td> <td>06/15/2026</td> <td>149.0.7827.103</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-11656 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.62 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T19:14:07 <p>Information published.</p> Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Function Discovery Service (fdwsd.dll) Microsoft Yes CVE-2026-42836 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Use After Free 11568 11571 11572 11923 11924 11569 11931 11929 11930 12097 12099 12437 12098 20437 20438 12242 12243 12389 12390 20853 12436 20854 10816 10852 10853 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11569 Elevation of Privilege 11931 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 12097 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12098 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 20853 Elevation of Privilege 12436 Elevation of Privilege 20854 Elevation of Privilege 10816 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11571 Important 11572 Important 11923 Important 11924 Important 11569 Important 11931 Important 11929 Important 11930 Important 12097 Important 12099 Important 12437 Important 12098 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 20853 Important 12436 Important 20854 Important 10816 Important 10852 Important 10853 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11571 11572 11569 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11571 11572 11569 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11931 11929 11930 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11931 11929 11930 5094127 5094127 https://support.microsoft.com/help/5094127 11931 11929 11930 12097 12099 12098 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12099 12098 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12099 12098 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10816 10852 10853 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10816 10852 10853 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 AIフィジカルインターフェイス二号機 AIフィジカルインターフェイス二号機 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Projected File System Elevation of Privilege Vulnerability <p>Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Projected File System Filter Driver Microsoft Yes CVE-2026-42837 Out-of-bounds Read 11572 11929 11930 11924 11923 11931 11571 11569 11568 12097 12098 12099 20438 20437 12437 12243 12390 12436 12389 12242 20853 20854 Elevation of Privilege 11572 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11924 Elevation of Privilege 11923 Elevation of Privilege 11931 Elevation of Privilege 11571 Elevation of Privilege 11569 Elevation of Privilege 11568 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 12437 Elevation of Privilege 12243 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 12389 Elevation of Privilege 12242 Elevation of Privilege 20853 Elevation of Privilege 20854 Important 11572 Important 11929 Important 11930 Important 11924 Important 11923 Important 11931 Important 11571 Important 11569 Important 11568 Important 12097 Important 12098 Important 12099 Important 20438 Important 20437 Important 12437 Important 12243 Important 12390 Important 12436 Important 12389 Important 12242 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11572 11571 11569 11568 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11572 11571 11569 11568 5094123 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11924 11923 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11924 11923 5094128 5094128 https://support.microsoft.com/help/5094128 11924 11923 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20438 20437 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20438 20437 5094126 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12243 12242 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12243 12242 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12390 12389 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12390 12389 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 <a href="https://smlijun.github.io/">DongJun Kim</a> with <a href="https://www.enki.co.kr/">Enki WhiteHat</a> GwanHyun Lee <a href="https://twitter.com/ranchoice">RanchoIce</a> <a href="https://github.com/zeze-zeze">Zeze</a> with <a href="https://www.txone.com/">TXOne</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Kerberos Denial of Service Vulnerability <p>Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network.</p> Windows Kerberos Microsoft Yes CVE-2026-42903 NULL Pointer Dereference 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 20437 Denial of Service 20438 Denial of Service 12242 Denial of Service 12243 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 20853 Denial of Service 20854 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20438 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20854 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <a href="https://x.com/4ndr3w6s">Andrew Schwartz</a> with Huntress Labs 1.1 2026-06-10T07:00:00 <p>Updated an acknowledgement. This is an informational change only.</p> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows TCP/IP Elevation of Privilege Vulnerability <p>Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker could exploit this vulnerability with LAN access.</p> Windows TCP/IP Microsoft Yes CVE-2026-42904 Heap-based Buffer Overflow 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 9.6 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.6 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.6 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.6 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.6 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.6 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 9.6 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.6 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.6 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 9.6 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 9.6 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 9.6 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 9.6 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 9.6 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 9.6 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 9.6 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 9.6 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 9.6 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 <a href="https://x.com/_patchpoint_">Donghyeon Oh</a> with <a href="https://patchpoint.io/">Patchpoint</a> Jonghoi Kim 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows DWM Core Library Elevation of Privilege Vulnerability <p>Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows DWM Core Library Microsoft Yes CVE-2026-42905 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <a href="https://www.linkedin.com/in/boolgombear/">Minjea Park</a>, Jmini and ji9umi with <a href="https://www.stealien.com/">Stealien</a> 1.1 2026-06-09T07:00:00 <p>Updated an acknowledgement. This is an informational change only.</p> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Shell Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the local memory address.</p> Windows Shell Microsoft Yes CVE-2026-42906 Exposure of Sensitive Information to an Unauthorized Actor 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 20437 Information Disclosure 20438 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 20853 Information Disclosure 20854 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20854 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 Microsoft 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Shell Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the local memory address.</p> Windows Shell Microsoft Yes CVE-2026-42907 Exposure of Sensitive Information to an Unauthorized Actor 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 20437 Information Disclosure 20438 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 20853 Information Disclosure 20854 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20854 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 Anonymous 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability <p>Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the local memory address.</p> Windows RDP Microsoft Yes CVE-2026-42908 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 12457 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 20437 Information Disclosure 20438 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 20853 Information Disclosure 20854 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Information Disclosure 12457 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Important 12457 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20854 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12457 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows 12457 Maybe Security Update 2.0.1193.0 https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows 12457 pwn2addr 1.0 2026-06-09T07:00:00 <p>Information published.</p> NT OS Kernel Elevation of Privilege Vulnerability <p>Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows NT OS Kernel Microsoft Yes CVE-2026-42980 Integer Underflow (Wrap or Wraparound) Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 10852 10853 10816 10855 10378 10379 10483 10543 20854 20853 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Elevation of Privilege 20854 Elevation of Privilege 20853 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Important 20854 Important 20853 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20854 20853 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20854 20853 5095051 Anonymous 1.0 2026-06-09T07:00:00 <p>Information published.</p> Remote Desktop Client Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.</p> Remote Desktop Client Microsoft Yes CVE-2026-42909 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Use After Free 11568 11569 11571 11572 11849 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 12457 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11849 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 20853 Remote Code Execution 20854 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Remote Code Execution 12457 Important 11568 Important 11569 Important 11571 Important 11572 Important 11849 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Important 12457 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11849 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12457 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 Release Notes https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew 11849 Maybe Security Update 1.2.7214.0 https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew 11849 Release Notes 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows 12457 Maybe Security Update 2.0.1193.0 https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows 12457 pwn2addr 1.0 2026-06-09T07:00:00 <p>Information published.</p> NT OS Kernel Elevation of Privilege Vulnerability <p>Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows NT OS Kernel Microsoft Yes CVE-2026-42916 Integer Overflow or Wraparound 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <a href="https://bsky.app/profile/hexnomad.bsky.social">Erik Egsgard</a> with <a href="https://fieldeffect.com/">Field Effect</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability <p>Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Ancillary Function Driver for WinSock Microsoft Yes CVE-2026-42911 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Remote Desktop Client Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.</p> Remote Desktop Client Microsoft Yes CVE-2026-42913 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Use After Free 11849 11923 11924 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 Remote Code Execution 11849 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 20853 Remote Code Execution 20854 Important 11849 Important 11923 Important 11924 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11849 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 Release Notes https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew 11849 Maybe Security Update 1.2.7214.0 https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew 11849 Release Notes 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 pwn2addr 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Telephony Service Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Telephony Service Microsoft Yes CVE-2026-42912 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <a href="https://smlijun.github.io/">DongJun Kim</a> with <a href="https://www.enki.co.kr/">Enki WhiteHat</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Kerberos Denial of Service Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does this mean for this vulnerability?</strong></p> <p>An attacker would need specific conditions to be in place (i.e. particular protocol settings, or configurations, etc.) before an attack could succeed, which reduces the likelihood of widespread or opportunistic exploitation.</p> Windows Kerberos Microsoft Yes CVE-2026-42914 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 20437 Denial of Service 20438 Denial of Service 12242 Denial of Service 12243 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 20853 Denial of Service 20854 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20437 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20438 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20853 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20854 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 Microsoft <a href="https://x.com/4ndr3w6s">Andrew Schwartz</a> with Huntress Labs and Charlie Clark 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Telephony Server Information Disclosure Vulnerability <p>Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the local memory address.</p> Windows Telephony Service Microsoft Yes CVE-2026-42968 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 20437 Information Disclosure 20438 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 20853 Information Disclosure 20854 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20854 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 wxz Diffract <a href="https://www.z1r0.top/">z1r0</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Hyper-V Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process.</p> Role: Windows Hyper-V Microsoft Yes CVE-2026-42972 Exposure of Sensitive Information to an Unauthorized Actor 11569 11571 11572 11923 11924 11931 12097 12437 20437 20438 12242 12243 12389 12390 12436 10853 10816 10855 10378 10379 10483 10543 20854 20853 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11931 Information Disclosure 12097 Information Disclosure 12437 Information Disclosure 20437 Information Disclosure 20438 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Information Disclosure 20854 Information Disclosure 20853 Information Disclosure 20853 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11931 Important 12097 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Important 20854 Important 20853 Important 20853 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20854 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20853 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11931 12097 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20854 20853 20853 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20854 20853 20853 5095051 <a href="https://smlijun.github.io/">DongJun Kim</a> with <a href="https://www.enki.co.kr/">Enki WhiteHat</a> 0ccbbf129444eb66344ccafb92b00df4 cyanbamboo and b2ahex Ahmad Abdillah bin Zaini 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Push Notification Information Disclosure Vulnerability <p>Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.</p> Windows Push Notifications Microsoft Yes CVE-2026-42969 Use of Uninitialized Resource 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 20437 Information Disclosure 20438 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 20853 Information Disclosure 20854 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20854 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 Anonymous 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Push Notification Information Disclosure Vulnerability <p>Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.</p> Windows Push Notifications Microsoft Yes CVE-2026-42971 Exposure of Sensitive Information to an Unauthorized Actor 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 20437 Information Disclosure 20438 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 20853 Information Disclosure 20854 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20854 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 Anonymous 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Push Notification Information Disclosure Vulnerability <p>Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.</p> Windows Push Notifications Microsoft Yes CVE-2026-42970 Exposure of Sensitive Information to an Unauthorized Actor 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 20437 Information Disclosure 20438 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 20853 Information Disclosure 20854 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20854 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 Anonymous 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Push Notification Information Disclosure Vulnerability <p>Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.</p> Windows Push Notifications Microsoft Yes CVE-2026-42973 Exposure of Sensitive Information to an Unauthorized Actor 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 20437 Information Disclosure 20438 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 20853 Information Disclosure 20854 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20854 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 Anonymous 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p>Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2026-42984 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20854 20853 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20854 Elevation of Privilege 20853 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20854 Important 20853 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20854 20853 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20854 20853 5095051 <a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37), SEC-agent team</a> <a href="https://linkedin.com/in/hwiwonlee">Hwiwon Lee (hwiwonl), SEC-agent team</a> Younggi Park (grill66), SEC-agent team 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Performance Monitor Remote Code Execution Vulnerability <p>Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> Windows Performance Monitor Microsoft Yes CVE-2026-42981 Integer Underflow (Wrap or Wraparound) 11923 11924 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 20853 Remote Code Execution 20854 Important 11923 Important 11924 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 Thanatos Tian (HKPolyU) with Diffract &amp; @2st__ with Diffract 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Performance Monitor Remote Code Execution Vulnerability <p>Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> Windows Performance Monitor Microsoft Yes CVE-2026-42974 Integer Overflow or Wraparound 11923 11924 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 20853 Remote Code Execution 20854 Important 11923 Important 11924 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 Thanatos Tian (PolyU) with Diffract, @2st___ of Diffract and Zhiniang Peng with HUST Thanatos Tian (PolyU) with Diffract, @2st___ of Diffract and Zhiniang Peng with HUST 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Graphics Component Elevation of Privilege Vulnerability <p>Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Graphics Component Microsoft Yes CVE-2026-42986 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Push Notifications Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer Isolation</a> for more information.</p> Windows Push Notifications Microsoft Yes CVE-2026-42978 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 Yun Cong 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Push Notifications Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer Isolation</a> for more information.</p> Windows Push Notifications Microsoft Yes CVE-2026-42977 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 Yun Cong 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Push Notifications Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer Isolation</a> for more information.</p> Windows Push Notifications Microsoft Yes CVE-2026-42979 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 Yun Cong 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Push Notifications Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer Isolation</a> for more information.</p> Windows Push Notifications Microsoft Yes CVE-2026-42991 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 Yun Cong 1.0 2026-06-09T07:00:00 <p>Information published.</p> Winlogon Elevation of Privilege Vulnerability <p>Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Winlogon Microsoft Yes CVE-2026-42989 Improper Link Resolution Before File Access ('Link Following') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 Malvarez with TeamA <a href="https://x.com/cplearns2h4ck">Chen Le Qi (@cplearns2h4ck)</a> with <a href="https://starlabs.sg/">STAR Labs SG Pte. Ltd.</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Common Log File System Driver Elevation of Privilege Vulnerability <p>Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Common Log File System Driver Microsoft Yes CVE-2026-44809 Use After Free 12437 20437 20438 12436 12389 12390 20853 20854 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12436 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 20853 Elevation of Privilege 20854 Important 12437 Important 20437 Important 20438 Important 12436 Important 12389 Important 12390 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 Puneeth 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft Cryptographic Services Elevation of Privilege Vulnerability <p>Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Cryptographic Services Microsoft Yes CVE-2026-44810 Improper Authentication 11923 11924 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Critical 11923 Critical 11924 Critical 12437 Critical 20437 Critical 20438 Critical 12242 Critical 12243 Critical 12389 Critical 12390 Critical 12436 Critical 20853 Critical 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 Anonymous 1.0 2026-06-09T07:00:00 <p>Information published.</p> Remote Desktop Client Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.</p> Remote Desktop Client Microsoft Yes CVE-2026-42992 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 12457 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 20853 Remote Code Execution 20854 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 12457 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 20437 Critical 20438 Critical 12242 Critical 12243 Critical 12389 Critical 12390 Critical 12436 Critical 20853 Critical 20854 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 12457 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12457 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows 12457 Maybe Security Update 2.0.1193.0 https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows 12457 <a href="https://x.com/hareh4ru">Kyeongmin Kim (@hareh4ru)</a> with <a href="https://kaist-hacking.github.io/">KAIST Hacking Lab</a> pwn2addr 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Network Controller (NC) Host Agent Denial of Service Vulnerability <p>Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally.</p> Windows Network Controller (NC) Host Agent Microsoft Yes CVE-2026-44805 Use After Free Untrusted Pointer Dereference 11571 11572 11923 11924 12437 12436 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 12437 Denial of Service 12436 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 Microsoft Microsoft 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows DWM Core Library Elevation of Privilege Vulnerability <p>Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows DWM Core Library Microsoft Yes CVE-2026-44811 Heap-based Buffer Overflow Improper Input Validation 20853 20854 Elevation of Privilege 20853 Elevation of Privilege 20854 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 <a href="https://mylostchristmas.tistory.com/20">Seung Chan Kim</a> Owen McCullough with Microsoft Thanatos Tian (HKPolyU) &amp; PB18 &amp; @2st__ with Diffract 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows DWM Core Library Elevation of Privilege Vulnerability <p>Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows DWM Core Library Microsoft Yes CVE-2026-44808 Heap-based Buffer Overflow Out-of-bounds Read 20853 20854 Elevation of Privilege 20853 Elevation of Privilege 20854 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 Owen McCullough with Microsoft 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows DWM Core Library Elevation of Privilege Vulnerability <p>Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows DWM Core Library Microsoft Yes CVE-2026-44807 Use After Free 20853 20854 Elevation of Privilege 20853 Elevation of Privilege 20854 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 Owen McCullough with Microsoft 1.0 2026-06-09T07:00:00 <p>Information published.</p> Remote Desktop Client Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.</p> Remote Desktop Client Microsoft Yes CVE-2026-44799 Heap-based Buffer Overflow 11568 11569 11571 11572 11849 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 12457 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11849 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 20853 Remote Code Execution 20854 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Remote Code Execution 12457 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11849 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 20437 Critical 20438 Critical 12242 Critical 12243 Critical 12389 Critical 12390 Critical 12436 Critical 20853 Critical 20854 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Critical 12457 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11849 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12457 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 Release Notes https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew 11849 Maybe Security Update 1.2.7214.0 https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew 11849 Release Notes 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows 12457 Maybe Security Update 2.0.1193.0 https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows 12457 <a href="https://x.com/hareh4ru">Kyeongmin Kim (@hareh4ru)</a> with <a href="https://kaist-hacking.github.io/">KAIST Hacking Lab</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> DHCP Client Service Remote Code Execution Vulnerability <p>Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker can exploit this by setting up a Dynamic Host Configuration Protocol (DHCP) Server on the network and responding to a request of information from DHCP client</p> Windows DHCP Client Microsoft Yes CVE-2026-44815 Stack-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 20853 Remote Code Execution 20854 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 20437 Critical 20438 Critical 12242 Critical 12243 Critical 12389 Critical 12390 Critical 12436 Critical 20853 Critical 20854 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <p><strong>What can customers do to mitigate this vulnerability?</strong></p> <p>Customers can reduce exposure by keeping the DHCP Client service enabled while avoiding use of the DhcpGetOriginalSubnetMask API. In this scenario, a malicious DHCP server may provide crafted data, but the data is not used unless that API is called.</p> <p>To help reduce exposure, customers can:</p> <ol> <li>Keep the DHCP Client service enabled so systems can continue to obtain network configuration normally.</li> <li>Review applications or components that call the DhcpGetOriginalSubnetMask API.</li> <li>Update or reconfigure those applications to avoid calling the API where possible.</li> <li>Follow vendor or product guidance for any updates that address this behavior.</li> </ol> Milan Justel with Microsoft <a href="https://www.linkedin.com/in/brandon-fisher-666bb01b8">Brandon Fisher</a> <a href="https://www.linkedin.com/in/brandon-fisher-666bb01b8">Brandon Fisher</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows DWM Core Library Elevation of Privilege Vulnerability <p>Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows DWM Core Library Microsoft Yes CVE-2026-42983 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 Arjun Vasudeva with MSRC V&amp;M - Exploit Research Team 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows DWM Core Library Elevation of Privilege Vulnerability <p>Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows DWM Core Library Microsoft Yes CVE-2026-44802 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 Arjun with MSRC Vulnerabilities &amp; Mitigations 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows DWM Core Library Information Disclosure Vulnerability <p>Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> Windows DWM Core Library Microsoft Yes CVE-2026-44814 Out-of-bounds Read Heap-based Buffer Overflow 20853 20854 Information Disclosure 20853 Information Disclosure 20854 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20854 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 Owen McCullough with Microsoft <a href="https://mylostchristmas.tistory.com/20">Seung Chan Kim</a> yhw &amp; txz 1.0 2026-06-09T07:00:00 <p>Information published.</p> Remote Desktop Client Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.</p> Remote Desktop Client Microsoft Yes CVE-2026-44801 Use After Free 11568 11569 11571 11572 11849 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 12457 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11849 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 20853 Remote Code Execution 20854 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Remote Code Execution 12457 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11849 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 20437 Critical 20438 Critical 12242 Critical 12243 Critical 12389 Critical 12390 Critical 12436 Critical 20853 Critical 20854 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Critical 12457 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11849 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12457 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 Release Notes https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew 11849 Maybe Security Update 1.2.7214.0 https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew 11849 Release Notes 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows 12457 Maybe Security Update 2.0.1193.0 https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows 12457 <a href="https://x.com/hareh4ru">Kyeongmin Kim (@hareh4ru)</a> with <a href="https://kaist-hacking.github.io/">KAIST Hacking Lab</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Remote Desktop Client Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.</p> Remote Desktop Client Microsoft Yes CVE-2026-42985 Use After Free 12457 11568 11569 11571 11572 11849 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 12457 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11849 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 20853 Remote Code Execution 20854 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 12457 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11849 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 20437 Critical 20438 Critical 12242 Critical 12243 Critical 12389 Critical 12390 Critical 12436 Critical 20853 Critical 20854 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12457 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11849 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows 12457 Maybe Security Update 2.0.1193.0 https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows 12457 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 Release Notes https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew 11849 Maybe Security Update 1.2.7214.0 https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew 11849 Release Notes 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 <a href="https://x.com/hareh4ru">Kyeongmin Kim (@hareh4ru)</a> with <a href="https://kaist-hacking.github.io/">KAIST Hacking Lab</a> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Deployment Services (WDS) Remote Code Execution <p>Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could send specially crafted network requests to a Windows Server system that has the Windows Deployment Services (WDS) role enabled and is listening for TFTP traffic. By triggering an error in how the server handles simultaneous requests, an unauthenticated remote attacker could cause the service to use invalid memory, which could allow the attacker to run code on the affected server.</p> Windows Deployment Services Microsoft Yes CVE-2026-42987 Use After Free 11571 11572 11923 11924 12437 12436 10816 10855 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 12437 Critical 12436 Critical 10816 Critical 10855 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 R4nger with Kunlun Lab &amp; Zhiniang Peng with HUST 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Graphics Component Remote Code Execution Vulnerability <p>Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Successful exploitation of this vulnerability requires the user to view a specially crafted file in the Windows File Explorer Preview Pane or open said file.</p> <p><strong>Are the updates for the Microsoft Word, PowerPoint and Excel for Android currently available?</strong></p> <p>The security update for Microsoft Word for Android, Microsoft PowerPoint for Android and Microsoft Excel for Android are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> Windows Win32K - GRFX Microsoft Yes CVE-2026-44803 Integer Overflow or Wraparound 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 12031 12032 11772 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 20853 Remote Code Execution 20854 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Remote Code Execution 12031 Remote Code Execution 12032 Remote Code Execution 11772 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 20437 Critical 20438 Critical 12242 Critical 12243 Critical 12389 Critical 12390 Critical 12436 Critical 20853 Critical 20854 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Critical 12031 Critical 12032 Critical 11772 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12031 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12032 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11772 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 yhw and txz SnowRockLab 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows Graphics Component Remote Code Execution Vulnerability <p>Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Successful exploitation of this vulnerability requires the user to view a specially crafted file in the Windows File Explorer Preview Pane or open said file.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>Are the updates for the Microsoft Word, PowerPoint and Excel for Android currently available?</strong></p> <p>The security update for Microsoft Word for Android, Microsoft PowerPoint for Android and Microsoft Excel for Android are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> Windows Win32K - GRFX Microsoft Yes CVE-2026-44812 Integer Overflow or Wraparound 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 10852 10853 10816 10855 10378 10379 10483 10543 12031 12032 11772 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 20853 Remote Code Execution 20854 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Remote Code Execution 12031 Remote Code Execution 12032 Remote Code Execution 11772 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 20437 Critical 20438 Critical 12242 Critical 12243 Critical 12389 Critical 12390 Critical 12436 Critical 20853 Critical 20854 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Critical 12031 Critical 12032 Critical 11772 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12031 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12032 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11772 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11568 11569 11571 11572 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11568 11569 11571 11572 5094123 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 5094122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094122 5087537 10852 10853 10816 10855 Yes Security Update 10.0.14393.9234 https://support.microsoft.com/help/5094122 10852 10853 10816 10855 5094122 5094042 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094042 5087470 10378 10379 Yes Monthly Rollup 6.2.9200.26132 https://support.microsoft.com/help/5094042 10378 10379 5094042 5094041 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094041 5087471 10483 10543 Yes Monthly Rollup 6.3.9600.23228 https://support.microsoft.com/help/5094041 10483 10543 5094041 SnowRockLab <a href="https://mylostchristmas.tistory.com/20">Seung Chan Kim</a> <a href="https://www.instagram.com/rustemsignore">rustemsignore</a> <a href="https://x.com/hareh4ru">Kyeongmin Kim (@hareh4ru)</a> with <a href="https://kaist-hacking.github.io/">KAIST Hacking Lab</a> yhw &amp; txz 1.0 2026-06-09T07:00:00 <p>Information published.</p> Remote Desktop Client Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.</p> Remote Desktop Client Microsoft Yes CVE-2026-42993 Heap-based Buffer Overflow 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 20853 Remote Code Execution 20854 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 pwn2addr 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows DWM Core Library Elevation of Privilege Vulnerability <p>Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows DWM Core Library Microsoft Yes CVE-2026-44813 Use After Free 20853 20854 Elevation of Privilege 20853 Elevation of Privilege 20854 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 Varun Goel 1.0 2026-06-09T07:00:00 <p>Information published.</p> Windows DWM Core Library Elevation of Privilege Vulnerability <p>Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows DWM Core Library Microsoft Yes CVE-2026-44804 Use After Free 20853 20854 Elevation of Privilege 20853 Elevation of Privilege 20854 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 Varun Goel 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft M365 Copilot Remote Code Execution Vulnerability <p>Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Microsoft Copilot Microsoft No CVE-2026-45497 Improper Neutralization of Special Elements used in a Command ('Command Injection') 16765 Remote Code Execution 16765 Critical 16765 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 7.7 6.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L/E:U/RL:O/RC:C 16765 Holly Wright with Microsoft Yizhou Feng with Microsoft Guillermo Diaz with Microsoft 1.0 2026-06-04T07:00:00 <p>Information published.</p> M365 Copilot Information Disclosure Vulnerability <p>Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> M365 Copilot Microsoft No CVE-2026-42824 Improper Neutralization of Special Elements used in a Command ('Command Injection') 16765 Information Disclosure 16765 Critical 16765 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 16765 Dolev Taler with Varonis 1.0 2026-06-04T07:00:00 <p>Information published.</p> Azure HorizonDB Elevation of Privilege Vulnerability <p>Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure HorizonDB Microsoft No CVE-2026-48567 Authentication Bypass by Spoofing 21374 Elevation of Privilege 21374 Critical 21374 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 10.0 8.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C 21374 <a href="https://www.linkedin.com/in/sharathunni">Sharath Unni</a> 1.0 2026-06-04T07:00:00 <p>Information published.</p> Microsoft Exchange Online Information Disclosure Vulnerability <p>Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Microsoft Exchange Online Microsoft No CVE-2026-48579 Improper Authorization 10133 Information Disclosure 10133 Critical 10133 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10133 Henrique Pereira with Microsoft Maxmillian Toor with Microsoft 1.0 2026-06-04T07:00:00 <p>Information published.</p> Chromium: CVE-2026-12011 Use after free  WebMIDI <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/search/label/Desktop%20Update">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>149.0.4022.69</td> <td>06/15/2026</td> <td>149.0.7827.115</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2026-12011 11655 11655 11655 Release Notes 11655 No Security Update 149.0.4022.69 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2026-06-15T07:00:30 <p>Information published.</p> drm/amd/display: Fix dc_link NULL handling in HPD init Mariner Linux Yes CVE-2026-46245 21344-17084 21344-17084 Moderate 21344-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2026-06-05T01:01:20 <p>Information published.</p> MIPS: Work around LLVM bug when gp is used as global register variable Mariner Linux Yes CVE-2026-46250 21344-17084 21344-17084 Moderate 21344-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2026-06-05T01:01:26 <p>Information published.</p> 2.0 2026-06-09T01:44:59 <p>Information published.</p> regulator: core: fix locking in regulator_resolve_supply() error path Mariner Linux Yes CVE-2026-46252 21344-17084 21344-17084 Low 21344-17084 3.4 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L 21344-17084 1.0 2026-06-05T01:01:53 <p>Information published.</p> netfilter: nft_inner: Fix IPv6 inner_thoff desync Mariner Linux Yes CVE-2026-46244 21344-17084 21344-17084 Important 21344-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21344-17084 1.0 2026-06-05T01:01:59 <p>Information published.</p> Quadratic complexity in WordDecoder.DecodeHeader in mime Mariner Go Yes CVE-2026-42504 Inefficient Algorithmic Complexity 21021-17084 21411-17084 21423-17084 18315-17084 19693-17084 21021-17084 21411-17084 21423-17084 18315-17084 19693-17084 Important 21021-17084 Important 21411-17084 Important 21423-17084 Important 18315-17084 Important 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21021-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21411-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21423-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18315-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19693-17084 CBL-Mariner Releases 21423-17084 No Security Update 1.26.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21423-17084 CBL-Mariner Releases 4.0 2026-06-09T01:45:18 <p>Information published.</p> 1.0 2026-06-05T01:02:08 <p>Information published.</p> 2.0 2026-06-07T01:02:12 <p>Information published.</p> 3.0 2026-06-07T14:40:51 <p>Information published.</p> libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur, Mariner mitre Yes CVE-2026-50219 Use After Free 21279-17084 21119-17084 21379-17084 21279-17084 21119-17084 21379-17084 Low 21279-17084 Moderate 21119-17084 Moderate 21379-17084 4.9 3.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:U 21279-17084 4.9 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 21119-17084 4.9 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 21379-17084 4.0 2026-06-09T01:46:00 <p>Information published.</p> 1.0 2026-06-05T01:02:23 <p>Information published.</p> 2.0 2026-06-07T01:01:28 <p>Information published.</p> 3.0 2026-06-07T14:41:16 <p>Information published.</p> cilium ebpf LoadCollectionSpec/LoadCollectionSpecFromReader btf.go loadRawSpec integer overflow Mariner VulDB Yes CVE-2026-10722 Integer Overflow or Wraparound 21407-17084 21419-17084 21397-17084 21378-17084 21420-17084 17793-17084 21435-17084 21418-17084 20660-17084 21407-17084 21419-17084 21397-17084 21378-17084 21420-17084 17793-17084 21435-17084 21418-17084 20660-17084 Low 21407-17084 Low 21419-17084 Low 21397-17084 Low 21378-17084 Low 21420-17084 Low 17793-17084 Low 21435-17084 Low 21418-17084 Low 20660-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 21407-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 21419-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 21397-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 21378-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 21420-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 17793-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 21435-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 21418-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20660-17084 1.0 2026-06-07T01:01:56 <p>Information published.</p> 3.0 2026-06-08T14:40:15 <p>Information published.</p> 4.0 2026-06-09T01:46:11 <p>Information published.</p> 2.0 2026-06-07T14:41:59 <p>Information published.</p> Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service Mariner redhat Yes CVE-2026-43958 Stack-based Buffer Overflow 20791-17084 21439-17084 20791-17084 21439-17084 Important 20791-17084 Important 21439-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20791-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21439-17084 CBL-Mariner Releases 21439-17084 No Security Update 1.8.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21439-17084 CBL-Mariner Releases 1.0 2026-06-07T01:02:47 <p>Information published.</p> 3.0 2026-06-09T01:46:16 <p>Information published.</p> 2.0 2026-06-08T14:40:33 <p>Information published.</p> 4.0 2026-06-11T01:39:21 <p>Information published.</p> USCiLab Cereal Shared Pointer type confusion Mariner VulDB Yes CVE-2026-11463 Access of Resource Using Incompatible Type ('Type Confusion') 21441-17084 21441-17084 Important 21441-17084 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R 21441-17084 1.0 2026-06-09T01:01:24 <p>Information published.</p> Apache HTTP Server: mod_http2 denial of service Mariner apache Yes CVE-2026-49975 Memory Allocation with Excessive Size Value 21448-17084 21442-17084 21448-17084 21442-17084 Important 21448-17084 Moderate 21442-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21448-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 21442-17084 CBL-Mariner Releases 21448-17084 No Security Update 1.28.3-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21448-17084 CBL-Mariner Releases CBL-Mariner Releases 21442-17084 No Security Update 2.4.68-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21442-17084 CBL-Mariner Releases 1.0 2026-06-09T01:01:30 <p>Information published.</p> 3.0 2026-06-12T01:01:35 <p>Information published.</p> 2.0 2026-06-10T01:42:51 <p>Information published.</p> LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body Mariner GitHub_M Yes CVE-2026-40930 Interpretation Conflict 21422-17084 19626-17084 21021-17084 21422-17084 19626-17084 21021-17084 Moderate 21422-17084 Moderate 19626-17084 Moderate 21021-17084 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L 21422-17084 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L 19626-17084 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L 21021-17084 1.0 2026-06-09T01:01:48 <p>Information published.</p> DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders Mariner CPANSec Yes CVE-2026-10879 Out-of-bounds Write 20052-17084 20052-17084 Important 20052-17084 8.6 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U 20052-17084 CBL-Mariner Releases 20052-17084 No Security Update 1.643-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20052-17084 CBL-Mariner Releases 1.0 2026-06-09T01:01:53 <p>Information published.</p> 2.0 2026-06-11T01:39:38 <p>Information published.</p> Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libxfont2 name length mismatch Mariner redhat Yes CVE-2026-50256 Stack-based Buffer Overflow 21316-17084 21316-17084 Important 21316-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21316-17084 CBL-Mariner Releases 21316-17084 No Security Update 24.1.12-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21316-17084 CBL-Mariner Releases 2.0 2026-06-11T01:39:53 <p>Information published.</p> 1.0 2026-06-09T01:02:04 <p>Information published.</p> Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes Mariner redhat Yes CVE-2026-50262 Out-of-bounds Read 21316-17084 21316-17084 Moderate 21316-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U 21316-17084 CBL-Mariner Releases 21316-17084 No Security Update 24.1.12-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21316-17084 CBL-Mariner Releases 1.0 2026-06-09T01:02:10 <p>Information published.</p> 2.0 2026-06-11T01:40:00 <p>Information published.</p> Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in freecounter() Mariner redhat Yes CVE-2026-50260 Use After Free 21316-17084 21316-17084 Moderate 21316-17084 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 21316-17084 CBL-Mariner Releases 21316-17084 No Security Update 24.1.12-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21316-17084 CBL-Mariner Releases 1.0 2026-06-09T01:02:16 <p>Information published.</p> 2.0 2026-06-11T01:40:08 <p>Information published.</p> Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in misyncdestroyfence() Mariner redhat Yes CVE-2026-50257 Use After Free 21316-17084 21316-17084 Moderate 21316-17084 6.6 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U 21316-17084 CBL-Mariner Releases 21316-17084 No Security Update 24.1.12-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21316-17084 CBL-Mariner Releases 1.0 2026-06-09T01:02:27 <p>Information published.</p> 2.0 2026-06-11T01:40:22 <p>Information published.</p> Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb key types due to unchecked shift levels Mariner redhat Yes CVE-2026-50258 Stack-based Buffer Overflow 21316-17084 21316-17084 Important 21316-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21316-17084 CBL-Mariner Releases 21316-17084 No Security Update 24.1.12-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21316-17084 CBL-Mariner Releases 1.0 2026-06-09T01:02:33 <p>Information published.</p> 2.0 2026-06-11T01:40:30 <p>Information published.</p> Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free information disclosure in createsaverwindow() Mariner redhat Yes CVE-2026-50263 Use After Free 21316-17084 21316-17084 Moderate 21316-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 21316-17084 CBL-Mariner Releases 21316-17084 No Security Update 24.1.12-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21316-17084 CBL-Mariner Releases 1.0 2026-06-09T01:02:38 <p>Information published.</p> 2.0 2026-06-11T01:40:37 <p>Information published.</p> Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths Mariner Linux Yes CVE-2026-46275 21344-17084 21344-17084 Important 21344-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21344-17084 1.0 2026-06-10T01:03:52 <p>Information published.</p> mtd: docg3: fix use-after-free in docg3_release() Mariner Linux Yes CVE-2026-46285 21344-17084 21344-17084 Important 21344-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 21344-17084 1.0 2026-06-10T01:03:57 <p>Information published.</p> lib: test_hmm: evict device pages on file close to avoid use-after-free Mariner Linux Yes CVE-2026-46280 21344-17084 21344-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2026-06-10T01:04:02 <p>Information published.</p> iio: frequency: admv1013: fix NULL pointer dereference on str Mariner Linux Yes CVE-2026-46282 21344-17084 21344-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2026-06-10T01:04:13 <p>Information published.</p> media: videobuf2: Set vma_flags in vb2_dma_sg_mmap Mariner Linux Yes CVE-2026-46312 21344-17084 21344-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2026-06-10T01:04:19 <p>Information published.</p> spi: topcliff-pch: fix use-after-free on unbind Mariner Linux Yes CVE-2026-46301 21344-17084 21344-17084 Important 21344-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21344-17084 1.0 2026-06-10T01:04:24 <p>Information published.</p> selinux: allow multiple opens of /sys/fs/selinux/policy Mariner Linux Yes CVE-2026-46302 21344-17084 21344-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2026-06-10T01:04:35 <p>Information published.</p> drm/v3d: Reject empty multisync extension to prevent infinite loop Mariner Linux Yes CVE-2026-46314 21344-17084 21344-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2026-06-10T01:04:40 <p>Information published.</p> drm/vkms: Convert to DRM's vblank timer Mariner Linux Yes CVE-2025-71315 21344-17084 21344-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2026-06-10T01:04:46 <p>Information published.</p> spi: s3c64xx: fix NULL-deref on driver unbind Mariner Linux Yes CVE-2026-46296 21344-17084 21344-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2026-06-10T01:04:57 <p>Information published.</p> net: txgbe: fix RTNL assertion warning when remove module Mariner Linux Yes CVE-2026-46287 21344-17084 21344-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2026-06-10T01:05:08 <p>Information published.</p> hfsplus: fix held lock freed on hfsplus_fill_super() Mariner Linux Yes CVE-2026-46299 21344-17084 21344-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2026-06-10T01:05:18 <p>Information published.</p> tun: free page on short-frame rejection in tun_xdp_one() Mariner Linux Yes CVE-2026-46321 21344-17084 21344-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2026-06-10T01:05:47 <p>Information published.</p> net/sched: act_ct: Only release RCU read lock after ct_ft Mariner Linux Yes CVE-2026-46319 21344-17084 21344-17084 Important 21344-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21344-17084 1.0 2026-06-10T01:05:58 <p>Information published.</p> net: gro: don't merge zcopy skbs Mariner Linux Yes CVE-2026-46323 21344-17084 21344-17084 Moderate 21344-17084 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 21344-17084 1.0 2026-06-10T01:06:04 <p>Information published.</p> netfilter: nf_tables: use list_del_rcu for netlink hooks Mariner Linux Yes CVE-2026-46324 21344-17084 21344-17084 Important 21344-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21344-17084 1.0 2026-06-10T01:06:09 <p>Information published.</p> tap: free page on error paths in tap_get_user_xdp() Mariner Linux Yes CVE-2026-46320 21344-17084 21344-17084 Important 21344-17084 7.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H 21344-17084 1.0 2026-06-10T01:06:15 <p>Information published.</p> SQLite before 3.53.2 Memory Corruption in FTS5 Extension Mariner VulnCheck Yes CVE-2026-11822 Heap-based Buffer Overflow 21446-17084 21446-17084 Important 21446-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 21446-17084 CBL-Mariner Releases 21446-17084 No Security Update 3.44.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21446-17084 CBL-Mariner Releases 1.0 2026-06-11T01:01:31 <p>Information published.</p> 2.0 2026-06-13T01:43:31 <p>Information published.</p> Apache HTTP Server: mod_xml2enc heap overflow Mariner apache Yes CVE-2026-42536 Heap-based Buffer Overflow 21442-17084 21442-17084 Important 21442-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21442-17084 1.0 2026-06-11T01:01:59 <p>Information published.</p> Snappy: Binary path is never shell-escaped due to an inverted is_executable check Mariner GitHub_M Yes CVE-2026-46643 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 20117-17084 20117-17084 Important 20117-17084 1.0 2026-06-12T01:01:22 <p>Information published.</p> Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name Mariner GitHub_M Yes CVE-2026-47162 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') 21449-17084 21449-17084 Important 21449-17084 CBL-Mariner Releases 21449-17084 No Security Update 9.2.0620-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21449-17084 CBL-Mariner Releases 1.0 2026-06-13T01:01:47 <p>Information published.</p> AES-OCB IV Ignored on EVP_Cipher() Path Mariner openssl Yes CVE-2026-45445 Missing Cryptographic Step 21452-17084 21217-17084 21450-17084 21370-17084 21380-17084 21400-17084 21433-17084 21452-17084 21217-17084 21450-17084 21370-17084 21380-17084 21400-17084 21433-17084 Important 21452-17084 Important 21217-17084 Moderate 21450-17084 Important 21370-17084 Important 21380-17084 Important 21400-17084 Important 21433-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 21452-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 21217-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U 21450-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 21370-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 21380-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 21400-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 21433-17084 2.0 2026-06-15T01:02:18 <p>Information published.</p> 1.0 2026-06-13T01:02:20 <p>Information published.</p> 3.0 2026-06-15T14:40:02 <p>Information published.</p> Heap Use-After-Free in the PKCS7_verify() Function Mariner openssl Yes CVE-2026-45447 Use After Free 21217-17084 21450-17084 21370-17084 21380-17084 21400-17084 21433-17084 21217-17084 21450-17084 21370-17084 21380-17084 21400-17084 21433-17084 Important 21217-17084 Important 21450-17084 Important 21370-17084 Important 21380-17084 Important 21400-17084 Important 21433-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21217-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21450-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21370-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21380-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21400-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21433-17084 1.0 2026-06-13T01:02:40 <p>Information published.</p> NULL Pointer Dereference in QUIC Server Initial Packet Handling Mariner openssl Yes CVE-2026-42764 NULL Pointer Dereference 21217-17084 21370-17084 21400-17084 21433-17084 21217-17084 21370-17084 21400-17084 21433-17084 Important 21217-17084 Important 21370-17084 Important 21400-17084 Important 21433-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21217-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21370-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21400-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21433-17084 1.0 2026-06-13T01:04:54 <p>Information published.</p> PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys Mariner openssl Yes CVE-2026-34181 Improper Validation of Integrity Check Value 21217-17084 21370-17084 21400-17084 21433-17084 21217-17084 21370-17084 21400-17084 21433-17084 Important 21217-17084 Important 21370-17084 Important 21400-17084 Important 21433-17084 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 21217-17084 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 21370-17084 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 21400-17084 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 21433-17084 1.0 2026-06-13T01:06:35 <p>Information published.</p> smb: client: reject userspace cifs.spnego descriptions Mariner Linux Yes CVE-2026-46243 Improper Input Validation 21344-17084 21344-17084 Important 21344-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21344-17084 1.0 2026-06-03T01:02:01 <p>Information published.</p> pip can extract console_scripts and gui_scripts outside installation directory Mariner PSF Yes CVE-2026-8643 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 21388-17084 21021-17084 21381-17084 21379-17084 21388-17084 21021-17084 21381-17084 21379-17084 Moderate 21388-17084 Moderate 21021-17084 Moderate 21381-17084 Moderate 21379-17084 4.0 2026-06-08T14:40:45 <p>Information published.</p> 1.0 2026-06-04T01:01:18 <p>Information published.</p> 2.0 2026-06-07T01:03:04 <p>Information published.</p> 3.0 2026-06-07T14:40:35 <p>Information published.</p> 5.0 2026-06-09T01:46:26 <p>Information published.</p> ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system management. It is most commonly used for sensor reading (e.g., CPU temperatures through the ipmi-sensors command within FreeIPMI) and remote power control (the ipmipower command). The ipmi-oem client command implements a set of a IPMI OEM commands for specific hardware vendors. If a user has supported hardware, they may wish to use the ipmi-oem command to send a request to a server to retrieve specific information. Two subcommands "ipmi-oem dell get-active-directory-config" and "ipmi-oem fujitsu get-sel-entry-long-text" were found to have exploitable buffer overflows on response messages. Mariner mitre Yes CVE-2026-50031 Stack-based Buffer Overflow 21436-17084 21436-17084 Important 21436-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21436-17084 CBL-Mariner Releases 21436-17084 No Security Update 1.6.18-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21436-17084 CBL-Mariner Releases 2.0 2026-06-09T01:44:54 <p>Information published.</p> 1.0 2026-06-04T01:01:25 <p>Information published.</p> AppArmor: Allow apparmor to handle unaligned dfa tables Mariner Linux Yes CVE-2026-46254 21344-17084 21344-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2026-06-05T01:01:32 <p>Information published.</p> ibmveth: Disable GSO for packets with small MSS Mariner Linux Yes CVE-2026-46273 21344-17084 21344-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 CBL-Mariner Releases 21344-17084 No Security Update 6.6.141.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21344-17084 CBL-Mariner Releases 1.0 2026-06-05T01:01:37 <p>Information published.</p> 2.0 2026-06-09T14:51:00 <p>Information published.</p> coresight: tmc-etr: Fix race condition between sysfs and perf mode Mariner Linux Yes CVE-2026-46272 21344-17084 21344-17084 Low 21344-17084 3.9 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L 21344-17084 2.0 2026-06-09T01:45:04 <p>Information published.</p> 1.0 2026-06-05T01:01:42 <p>Information published.</p> PCI: endpoint: Add missing NULL check for alloc_workqueue() Mariner Linux Yes CVE-2025-71313 21344-17084 21344-17084 Moderate 21344-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2026-06-05T01:01:48 <p>Information published.</p> Arbitrary inputs are included in errors without any escaping in net/textproto Mariner Go Yes CVE-2026-42507 19693-17084 21411-17084 21423-17084 18315-17084 21021-17084 19693-17084 21411-17084 21423-17084 18315-17084 21021-17084 Moderate 19693-17084 Moderate 21411-17084 Moderate 21423-17084 Moderate 18315-17084 Moderate 21021-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 19693-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 21411-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 21423-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 18315-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 21021-17084 CBL-Mariner Releases 21423-17084 No Security Update 1.26.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21423-17084 CBL-Mariner Releases 4.0 2026-06-09T01:45:32 <p>Information published.</p> 1.0 2026-06-05T01:02:17 <p>Information published.</p> 2.0 2026-06-07T01:02:22 <p>Information published.</p> 3.0 2026-06-07T14:41:05 <p>Information published.</p> OpenSC pkcs11-tool Key Generation pkcs11-tool.c test_kpgen_certwrite buffer overflow Mariner VulDB Yes CVE-2026-10275 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 21210-17084 21210-17084 Low 21210-17084 5.0 4.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 21210-17084 1.0 2026-06-05T01:02:28 <p>Information published.</p> In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution Mariner mitre Yes CVE-2026-50292 Improper Neutralization of CRLF Sequences ('CRLF Injection') 21170-17084 21170-17084 Important 21170-17084 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 21170-17084 CBL-Mariner Releases 21170-17084 No Security Update 1.25.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21170-17084 CBL-Mariner Releases 2.0 2026-06-09T01:45:39 <p>Information published.</p> 1.0 2026-06-06T01:01:22 <p>Information published.</p> Inefficient candidate hostname parsing in crypto/x509 Mariner Go Yes CVE-2026-27145 18315-17084 21021-17084 21411-17084 21423-17084 19693-17084 18315-17084 21021-17084 21411-17084 21423-17084 19693-17084 Moderate 18315-17084 Moderate 21021-17084 Moderate 21411-17084 Moderate 21423-17084 Moderate 19693-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 18315-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 21021-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 21411-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 21423-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 19693-17084 3.0 2026-06-07T14:41:35 <p>Information published.</p> 4.0 2026-06-09T01:45:53 <p>Information published.</p> 1.0 2026-06-06T01:01:30 <p>Information published.</p> 2.0 2026-06-07T01:02:32 <p>Information published.</p> Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution Mariner redhat Yes CVE-2026-11332 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') 19586-17084 19586-17084 Important 19586-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19586-17084 CBL-Mariner Releases 19586-17084 No Security Update 2.17.11-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19586-17084 CBL-Mariner Releases 1.0 2026-06-07T01:01:21 <p>Information published.</p> 2.0 2026-06-08T14:39:49 <p>Information published.</p> 3.0 2026-06-11T01:44:24 <p>Information published.</p> Missing input validation in the rfapiRibBi2Ri() function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message. Mariner mitre Yes CVE-2026-37460 Improper Input Validation 21417-17084 21417-17084 Important 21417-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21417-17084 3.0 2026-06-09T01:46:06 <p>Information published.</p> 1.0 2026-06-07T01:02:01 <p>Information published.</p> 2.0 2026-06-08T14:40:20 <p>Information published.</p> Guntls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removal Mariner redhat Yes CVE-2026-5419 Observable Timing Discrepancy 21391-17084 21391-17084 Low 21391-17084 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 21391-17084 CBL-Mariner Releases 21391-17084 No Security Update 3.8.13-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21391-17084 CBL-Mariner Releases 1.0 2026-06-07T01:02:38 <p>Information published.</p> 2.0 2026-06-08T14:40:25 <p>Information published.</p> 3.0 2026-06-11T01:44:30 <p>Information published.</p> HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities Mariner CPANSec Yes CVE-2026-8829 Use After Free 21440-17084 21440-17084 Important 21440-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 21440-17084 CBL-Mariner Releases 21440-17084 No Security Update 3.82-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21440-17084 CBL-Mariner Releases 1.0 2026-06-07T01:02:54 <p>Information published.</p> 2.0 2026-06-08T14:40:38 <p>Information published.</p> 3.0 2026-06-11T01:44:37 <p>Information published.</p> Potential DoS via quadratic complexity in unicodedata.normalize() Mariner PSF Yes CVE-2026-3276 Inefficient Algorithmic Complexity 21379-17084 21379-17084 Moderate 21379-17084 1.0 2026-06-07T01:03:09 <p>Information published.</p> 2.0 2026-06-08T14:40:51 <p>Information published.</p> tarfile.data_filter path traversal bypass allows writing outside the extraction directory Mariner PSF Yes CVE-2026-7774 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 21379-17084 21021-17084 21379-17084 21021-17084 Moderate 21379-17084 Moderate 21021-17084 CBL-Mariner Releases 21379-17084 No Security Update 3.12.9-13 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21379-17084 CBL-Mariner Releases 1.0 2026-06-07T01:03:17 <p>Information published.</p> 3.0 2026-06-08T14:40:56 <p>Information published.</p> 2.0 2026-06-07T14:42:28 <p>Information published.</p> 4.0 2026-06-09T01:46:31 <p>Information published.</p> 5.0 2026-06-15T01:41:21 <p>Information published.</p> Rejected reason: This CVE ID was assigned as a duplicate of CVE-2026-50292 Mariner redhat Yes CVE-2026-50265 21170-17084 21170-17084 Moderate 21170-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 21170-17084 1.0 2026-06-09T01:01:36 <p>Information published.</p> Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter() Mariner redhat Yes CVE-2026-50261 Use After Free 21316-17084 21316-17084 Important 21316-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21316-17084 CBL-Mariner Releases 21316-17084 No Security Update 24.1.12-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21316-17084 CBL-Mariner Releases 1.0 2026-06-09T01:01:59 <p>Information published.</p> 2.0 2026-06-11T01:39:45 <p>Information published.</p> Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb setmap request via mapwidths indexing Mariner redhat Yes CVE-2026-50259 Stack-based Buffer Overflow 21316-17084 21316-17084 Important 21316-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21316-17084 CBL-Mariner Releases 21316-17084 No Security Update 24.1.12-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21316-17084 CBL-Mariner Releases 1.0 2026-06-09T01:02:22 <p>Information published.</p> 2.0 2026-06-11T01:40:15 <p>Information published.</p> lib/scatterlist: fix length calculations in extract_kvec_to_sg Mariner Linux Yes CVE-2026-46289 21344-17084 21344-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2026-06-10T01:03:35 <p>Information published.</p> wifi: ath5k: do not access array OOB Mariner Linux Yes CVE-2026-46307 21344-17084 21344-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2026-06-10T01:03:41 <p>Information published.</p> pmdomain: core: Fix detach procedure for virtual devices in genpd Mariner Linux Yes CVE-2026-46292 21344-17084 21344-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2026-06-10T01:03:46 <p>Information published.</p> io-wq: check that the predecessor is hashed in io_wq_remove_pending() Mariner Linux Yes CVE-2026-46274 21344-17084 21344-17084 Important 21344-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21344-17084 1.0 2026-06-10T01:04:08 <p>Information published.</p> crypto: caam - guard HMAC key hex dumps in hash_digest_key Mariner Linux Yes CVE-2026-46291 21344-17084 21344-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2026-06-10T01:04:30 <p>Information published.</p> clk: microchip: mpfs-ccc: fix out of bounds access during output registration Mariner Linux Yes CVE-2026-46293 21344-17084 21344-17084 Important 21344-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 21344-17084 1.0 2026-06-10T01:04:51 <p>Information published.</p> flow_dissector: do not dissect PPPoE PFC frames Mariner Linux Yes CVE-2026-46306 21344-17084 21344-17084 Important 21344-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21344-17084 1.0 2026-06-10T01:05:02 <p>Information published.</p> nvmet: avoid recursive nvmet-wq flush in nvmet_ctrl_free Mariner Linux Yes CVE-2026-46304 21344-17084 21344-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2026-06-10T01:05:13 <p>Information published.</p> isofs: validate Rock Ridge CE continuation extent against volume size Mariner Linux Yes CVE-2026-46303 21344-17084 21344-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2026-06-10T01:05:24 <p>Information published.</p> Unbounded integer parsing in the Version module enables CPU and memory exhaustion denial of service Mariner EEF Yes CVE-2026-49762 Uncontrolled Resource Consumption 21444-17084 21444-17084 Moderate 21444-17084 CBL-Mariner Releases 21444-17084 No Security Update 1.16.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21444-17084 CBL-Mariner Releases 2.0 2026-06-15T01:42:16 <p>Information published.</p> 1.0 2026-06-10T01:05:42 <p>Information published.</p> tun: free page on build_skb failure in tun_xdp_one() Mariner Linux Yes CVE-2026-46322 21344-17084 21344-17084 Moderate 21344-17084 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H 21344-17084 1.0 2026-06-10T01:05:53 <p>Information published.</p> RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE Mariner Linux Yes CVE-2026-46325 21344-17084 21344-17084 Moderate 21344-17084 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H 21344-17084 1.0 2026-06-10T01:06:20 <p>Information published.</p> Revert "net/smc: Introduce TCP ULP support" Mariner Linux Yes CVE-2026-46330 21344-17084 21344-17084 Important 21344-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 21344-17084 1.0 2026-06-10T01:06:26 <p>Information published.</p> lldpd: Heap OOB Read in VLAN Decapsulation memmove Mariner GitHub_M Yes CVE-2026-46433 Out-of-bounds Read 21445-17084 21445-17084 Moderate 21445-17084 6.5 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21445-17084 CBL-Mariner Releases 21445-17084 No Security Update 1.0.22-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21445-17084 CBL-Mariner Releases 2.0 2026-06-15T01:42:41 <p>Information published.</p> 1.0 2026-06-11T01:01:18 <p>Information published.</p> SQLite before 3.53.2 Heap Buffer Overflow via FTS5 fts5ChunkIterate Mariner VulnCheck Yes CVE-2026-11824 Heap-based Buffer Overflow 21446-17084 21446-17084 Important 21446-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 21446-17084 CBL-Mariner Releases 21446-17084 No Security Update 3.44.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21446-17084 CBL-Mariner Releases 1.0 2026-06-11T01:01:25 <p>Information published.</p> 2.0 2026-06-13T01:43:24 <p>Information published.</p> Insufficient verification that responses belong to a query Mariner NLnet Labs Yes CVE-2026-10846 Origin Validation Error 21447-17084 21447-17084 Important 21447-17084 CBL-Mariner Releases 21447-17084 No Security Update 1.8.3-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21447-17084 CBL-Mariner Releases 1.0 2026-06-11T01:01:37 <p>Information published.</p> 2.0 2026-06-13T01:43:38 <p>Information published.</p> Apache HTTP Server: mod_http2 memory corruption when file handles exhausted Mariner apache Yes CVE-2026-48913 Use After Free 21442-17084 21442-17084 Moderate 21442-17084 7.3 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U 21442-17084 1.0 2026-06-11T01:01:43 <p>Information published.</p> Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules Mariner apache Yes CVE-2026-44119 Improper Privilege Management 21442-17084 21442-17084 Moderate 21442-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U 21442-17084 1.0 2026-06-11T01:01:48 <p>Information published.</p> Apache HTTP Server: mod_proxy_ftp XSS Mariner apache Yes CVE-2026-29170 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 21442-17084 21442-17084 Moderate 21442-17084 6.1 5.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U 21442-17084 1.0 2026-06-11T01:01:54 <p>Information published.</p> Apache HTTP Server: OOB Read in `merge_response_headers` can cause crash Mariner apache Yes CVE-2026-43951 Out-of-bounds Read 21442-17084 21442-17084 Moderate 21442-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 21442-17084 1.0 2026-06-11T01:02:05 <p>Information published.</p> Apache HTTP Server: mod_ldap per-dir use-after-free Mariner apache Yes CVE-2026-29167 Use After Free 21442-17084 21442-17084 Important 21442-17084 8.6 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U 21442-17084 1.0 2026-06-11T01:02:12 <p>Information published.</p> Apache HTTP Server: mod_dav_fs protected directory access Mariner apache Yes CVE-2026-42535 Exposure of Resource to Wrong Sphere 21442-17084 21442-17084 Moderate 21442-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 21442-17084 1.0 2026-06-11T01:02:25 <p>Information published.</p> Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow Mariner apache Yes CVE-2026-44631 Buffer Underwrite ('Buffer Underflow') 21442-17084 21442-17084 Important 21442-17084 9.4 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H/E:U 21442-17084 1.0 2026-06-11T01:02:17 <p>Information published.</p> Apache HTTP Server: Loop in `proxy_ftp_handler` in mod_proxy_ftp Mariner apache Yes CVE-2026-44186 Loop with Unreachable Exit Condition ('Infinite Loop') 21442-17084 21442-17084 Moderate 21442-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 21442-17084 1.0 2026-06-11T01:02:30 <p>Information published.</p> Apache HTTP Server: ProxyPassReverseCookieMap buffer overflow Mariner apache Yes CVE-2026-34356 Heap-based Buffer Overflow 21442-17084 21442-17084 Moderate 21442-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 21442-17084 1.0 2026-06-11T01:02:36 <p>Information published.</p> Apache HTTP Server: Stack Buffer Over-Read in mod_ssl OCSP `send_request` Mariner apache Yes CVE-2026-44185 Buffer Over-read 21442-17084 21442-17084 Important 21442-17084 7.3 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 21442-17084 1.0 2026-06-11T01:02:42 <p>Information published.</p> Apache HTTP Server: mod_proxy_html buffer overflow Mariner apache Yes CVE-2026-34355 Heap-based Buffer Overflow 21442-17084 21442-17084 Moderate 21442-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 21442-17084 1.0 2026-06-11T01:02:47 <p>Information published.</p> Snappy: SSRF and local file read via the xsl-style-sheet option Mariner GitHub_M Yes CVE-2026-46683 Server-Side Request Forgery (SSRF) 20117-17084 20117-17084 Moderate 20117-17084 1.0 2026-06-12T01:01:28 <p>Information published.</p> Vim: Arbitrary Code Execution via Python Omni-Completion Mariner GitHub_M Yes CVE-2026-52860 Improper Control of Generation of Code ('Code Injection') 21449-17084 21449-17084 Important 21449-17084 CBL-Mariner Releases 21449-17084 No Security Update 9.2.0620-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21449-17084 CBL-Mariner Releases 1.0 2026-06-13T01:01:27 <p>Information published.</p> Vim: Out-of-bounds Read in Terminal Screen Snapshot Mariner GitHub_M Yes CVE-2026-52859 Out-of-bounds Read 21449-17084 21449-17084 Moderate 21449-17084 CBL-Mariner Releases 21449-17084 No Security Update 9.2.0620-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21449-17084 CBL-Mariner Releases 1.0 2026-06-13T01:01:34 <p>Information published.</p> Vim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex Mariner GitHub_M Yes CVE-2026-47167 Improper Control of Generation of Code ('Code Injection') 21449-17084 21449-17084 Moderate 21449-17084 CBL-Mariner Releases 21449-17084 No Security Update 9.2.0620-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21449-17084 CBL-Mariner Releases 1.0 2026-06-13T01:01:41 <p>Information published.</p> Vim: Arbitrary Code Execution via Python Omni-Completion Mariner GitHub_M Yes CVE-2026-52858 Improper Control of Generation of Code ('Code Injection') 21449-17084 21449-17084 Important 21449-17084 CBL-Mariner Releases 21449-17084 No Security Update 9.2.0620-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21449-17084 CBL-Mariner Releases 1.0 2026-06-13T01:01:54 <p>Information published.</p> tmp: Path Traversal via unsanitized prefix/postfix enables directory escape Mariner GitHub_M Yes CVE-2026-44705 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 19693-17084 19693-17084 Important 19693-17084 1.0 2026-06-13T01:01:59 <p>Information published.</p> Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler Mariner openssl Yes CVE-2026-34183 Improperly Controlled Sequential Memory Allocation 21217-17084 21370-17084 21264-17084 21400-17084 21433-17084 21217-17084 21370-17084 21264-17084 21400-17084 21433-17084 Important 21217-17084 Important 21370-17084 Moderate 21264-17084 Important 21400-17084 Important 21433-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21217-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21370-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 21264-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21400-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21433-17084 1.0 2026-06-13T01:02:56 <p>Information published.</p> CMS AuthEnvelopedData Processing May Accept Forged Messages Mariner openssl Yes CVE-2026-34182 Improper Validation of Integrity Check Value 21217-17084 21450-17084 21370-17084 21264-17084 21380-17084 21400-17084 21433-17084 21217-17084 21450-17084 21370-17084 21264-17084 21380-17084 21400-17084 21433-17084 Critical 21217-17084 Critical 21450-17084 Critical 21370-17084 Critical 21264-17084 Critical 21380-17084 Critical 21400-17084 Critical 21433-17084 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 21217-17084 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 21450-17084 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 21370-17084 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 21264-17084 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 21380-17084 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 21400-17084 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 21433-17084 CBL-Mariner Releases 21450-17084 No Security Update 20240524git3e722403cd16-18 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21450-17084 CBL-Mariner Releases 1.0 2026-06-13T01:03:18 <p>Information published.</p> 2.0 2026-06-16T02:14:59 <p>Information published.</p> Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion Mariner openssl Yes CVE-2026-7383 Out-of-bounds Write 21217-17084 21450-17084 21370-17084 21264-17084 21380-17084 21400-17084 21433-17084 21275-17084 21277-17084 21217-17084 21450-17084 21370-17084 21264-17084 21380-17084 21400-17084 21433-17084 21275-17084 21277-17084 Important 21217-17084 Important 21450-17084 Important 21370-17084 Important 21264-17084 Important 21380-17084 Important 21400-17084 Important 21433-17084 Important 21275-17084 Important 21277-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 21217-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 21450-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 21370-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 21264-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 21380-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 21400-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 21433-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 21275-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 21277-17084 1.0 2026-06-13T01:03:46 <p>Information published.</p> Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt() Mariner openssl Yes CVE-2026-42768 Covert Channel 21452-17084 21217-17084 21370-17084 21400-17084 21433-17084 21452-17084 21217-17084 21370-17084 21400-17084 21433-17084 Low 21452-17084 Low 21217-17084 Low 21370-17084 Low 21400-17084 Low 21433-17084 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 21452-17084 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 21217-17084 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 21370-17084 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 21400-17084 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 21433-17084 2.0 2026-06-15T01:01:25 <p>Information published.</p> 1.0 2026-06-13T01:03:59 <p>Information published.</p> 3.0 2026-06-15T14:42:12 <p>Information published.</p> Out-of-Bounds Read in CMS Password-Based Decryption Mariner openssl Yes CVE-2026-9076 Out-of-bounds Read 21217-17084 21450-17084 21370-17084 21264-17084 21380-17084 21400-17084 21433-17084 21217-17084 21450-17084 21370-17084 21264-17084 21380-17084 21400-17084 21433-17084 Important 21217-17084 Important 21450-17084 Important 21370-17084 Important 21264-17084 Important 21380-17084 Important 21400-17084 Important 21433-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21217-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21450-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21370-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21264-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21380-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21400-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21433-17084 1.0 2026-06-13T01:04:21 <p>Information published.</p> Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes Mariner openssl Yes CVE-2026-45446 Missing Cryptographic Step 21217-17084 21370-17084 21264-17084 21380-17084 21400-17084 21433-17084 21217-17084 21370-17084 21264-17084 21380-17084 21400-17084 21433-17084 Moderate 21217-17084 Moderate 21370-17084 Moderate 21264-17084 Moderate 21380-17084 Moderate 21400-17084 Moderate 21433-17084 4.8 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 21217-17084 4.8 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 21370-17084 4.8 4.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U 21264-17084 4.8 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 21380-17084 4.8 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 21400-17084 4.8 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 21433-17084 1.0 2026-06-13T01:04:41 <p>Information published.</p> Possible NULL Dereference in Password-Based CMS Decryption Mariner openssl Yes CVE-2026-42766 NULL Pointer Dereference 21217-17084 21450-17084 21370-17084 21264-17084 21380-17084 21400-17084 21433-17084 21217-17084 21450-17084 21370-17084 21264-17084 21380-17084 21400-17084 21433-17084 Moderate 21217-17084 Moderate 21450-17084 Moderate 21370-17084 Moderate 21264-17084 Moderate 21380-17084 Moderate 21400-17084 Moderate 21433-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 21217-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 21450-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 21370-17084 5.9 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 21264-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 21380-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 21400-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 21433-17084 1.0 2026-06-13T01:05:17 <p>Information published.</p> NULL Pointer Dereference in CRMF EncryptedValue Decryption Mariner openssl Yes CVE-2026-42767 NULL Pointer Dereference 21217-17084 21450-17084 21370-17084 21264-17084 21380-17084 21400-17084 21433-17084 21217-17084 21450-17084 21370-17084 21264-17084 21380-17084 21400-17084 21433-17084 Moderate 21217-17084 Moderate 21450-17084 Moderate 21370-17084 Moderate 21264-17084 Moderate 21380-17084 Moderate 21400-17084 Moderate 21433-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 21217-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 21450-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 21370-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 21264-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 21380-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 21400-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 21433-17084 1.0 2026-06-13T01:05:39 <p>Information published.</p> Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate Mariner openssl Yes CVE-2026-42769 Improper Certificate Validation 21370-17084 21217-17084 21400-17084 21433-17084 21370-17084 21217-17084 21400-17084 21433-17084 Moderate 21370-17084 Moderate 21217-17084 Moderate 21400-17084 Moderate 21433-17084 5.3 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 21370-17084 5.3 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 21217-17084 5.3 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 21400-17084 5.3 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 21433-17084 1.0 2026-06-13T01:05:54 <p>Information published.</p> Heap Buffer Over-read in ASN.1 Content Parsing Mariner openssl Yes CVE-2026-34180 Out-of-bounds Read 21275-17084 21217-17084 21450-17084 21370-17084 21264-17084 21380-17084 21400-17084 21433-17084 21277-17084 21275-17084 21217-17084 21450-17084 21370-17084 21264-17084 21380-17084 21400-17084 21433-17084 21277-17084 Important 21275-17084 Important 21217-17084 Important 21450-17084 Important 21370-17084 Important 21264-17084 Important 21380-17084 Important 21400-17084 Important 21433-17084 Important 21277-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21275-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21217-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21450-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21370-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21264-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21380-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21400-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21433-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 21277-17084 1.0 2026-06-13T01:06:21 <p>Information published.</p> opentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP response Mariner GitHub_M Yes CVE-2026-44967 Memory Allocation with Excessive Size Value 21451-17084 21451-17084 Moderate 21451-17084 5.3 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 21451-17084 2.0 2026-06-15T14:42:02 <p>Information published.</p> 1.0 2026-06-14T01:01:20 <p>Information published.</p> GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle Mariner CPANSec Yes CVE-2026-11526 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 21453-17084 21453-17084 Moderate 21453-17084 4.2 4.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H 21453-17084 1.0 2026-06-15T01:02:31 <p>Information published.</p> 2.0 2026-06-15T14:42:07 <p>Information published.</p> Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the plaintext password of a target account by measuring response-timing differences. The comparison uses strncmp() (or strncasecmp() when PAM_ICASE_ARG is set) preceded by a length-equality check, so the time to reject a candidate depends on the index of the first differing byte and on whether the candidate's length matches the stored password, leaking the password length and individual prefix bytes. The vulnerable path is reached when the administrator configures pam_userdb with crypt=none, with an unrecognized crypt method, or without a crypt= argument, causing the module to store and compare credentials in plaintext. Mariner TuranSec Yes CVE-2026-54411 Observable Timing Discrepancy 19627-17084 19627-17084 Moderate 19627-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 19627-17084 1.0 2026-06-16T01:01:29 <p>Information published.</p> Microsoft Defender Elevation of Privilege Vulnerability <p>Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as &quot;RoguePlanet &quot;. We are working to provide a high quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available.</p> Microsoft Defender Microsoft Yes CVE-2026-50656 Improper Link Resolution Before File Access ('Link Following') 11902 Elevation of Privilege 11902 Important 11902 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 7.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C 11902 1.0 2026-06-16T07:00:00 <p>Information published.</p> Microsoft Windows VMSwitch Denial of Service Vulnerability <p>Incorrect calculation of buffer size in Windows VMSwitch allows an authorized attacker to deny service over an adjacent network.</p> <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker could exploit this vulnerability with LAN access.</p> Windows VMSwitch Microsoft Yes CVE-2026-42915 Incorrect Calculation of Buffer Size 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12389 12390 12436 20853 20854 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 20437 Denial of Service 20438 Denial of Service 12242 Denial of Service 12243 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 20853 Denial of Service 20854 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20437 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20438 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20853 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20854 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 11931 12097 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20437 20438 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20437 20438 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 Linzishan &amp; Anemone &amp; Zhiniang Peng (HUST) Anonymous Calif.io and Milad Nasr (Anthropic) with Claude with Calif.io and Anthropic <a href="https://x.com/_qwerty_po">Wongi Lee</a> with <a href="https://xint.io/">Theori</a> <a href="https://x.com/physicube">Jungwoo Lee</a> with <a href="https://softsec.kaist.ac.kr/">KAIST SoftSec Lab</a> 1.1 2026-06-16T07:00:00 <p>Corrected the CVE description and title. This is an informational change only.</p> 1.0 2026-06-09T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Spoofing Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p> <p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p> Microsoft Office SharePoint Microsoft Yes CVE-2026-47636 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 10950 11585 11961 Spoofing 10950 Spoofing 11585 Spoofing 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 10950 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11585 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11961 5002880 https://www.microsoft.com/en-us/download/details.aspx?id=108696 5002868 10950 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002880 10950 5002880 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 P1hcn 41ae55e9310ff27fa6f26af4727e5590 1.0 2026-06-09T07:00:00 <p>Information published.</p> 1.1 2026-06-17T07:00:00 <p>Acknowledgement added. This is an informational change only.</p> Microsoft Office Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> <p><strong>Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> Microsoft Office Microsoft Yes CVE-2026-45475 Heap-based Buffer Overflow 21368 10950 11585 11573 11574 11762 11763 11951 11952 11953 11961 12420 12421 12440 10753 10754 Remote Code Execution 21368 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 11961 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10753 Remote Code Execution 10754 Important 21368 Important 10950 Important 11585 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 11961 Important 12420 Important 12421 Important 12440 Important 10753 Important 10754 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 21368 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 5002880 https://www.microsoft.com/en-us/download/details.aspx?id=108696 5002868 10950 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002880 10950 5002880 5002881 https://www.microsoft.com/en-us/download/details.aspx?id=108697 5002869 10950 Maybe Security Update 16.0.5556.1002 https://support.microsoft.com/help/5002881 10950 5002881 5002874 https://www.microsoft.com/en-us/download/details.aspx?id=108694 5002870 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002874 11585 5002874 5002876 https://www.microsoft.com/en-us/download/details.aspx?id=108693 5002872 11585 Maybe Security Update 16.0.10417.20153 https://support.microsoft.com/help/5002876 11585 5002876 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002873 https://www.microsoft.com/en-us/download/details.aspx?id=108692 5002863 11961 Maybe Security Update 16.0.19725.20384 https://support.microsoft.com/help/5002873 11961 5002873 5002878 https://www.microsoft.com/en-us/download/details.aspx?id=108688 5002866 10753 10754 Maybe Security Update 16.0.5556.1005 https://support.microsoft.com/help/5002878 10753 10754 5002878 0ccbbf129444eb66344ccafb92b00df4 <a href="https://x.com/lmksecurity">Jeongmin Choi</a> Haein Lee with KAIST Hacking Lab 1.0 2026-06-09T07:00:00 <p>Information published.</p> 1.1 2026-06-17T07:00:00 <p>Acknowledgement added. This is an informational change only.</p> Windows Projected File System Elevation of Privilege Vulnerability <p>Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Projected File System Filter Driver Microsoft Yes CVE-2026-42828 Buffer Over-read 11923 11572 11569 11568 11924 11571 11929 11930 12097 11931 12098 12437 12099 20438 20437 12242 12243 12389 12390 12436 20853 20854 Elevation of Privilege 11923 Elevation of Privilege 11572 Elevation of Privilege 11569 Elevation of Privilege 11568 Elevation of Privilege 11924 Elevation of Privilege 11571 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 12097 Elevation of Privilege 11931 Elevation of Privilege 12098 Elevation of Privilege 12437 Elevation of Privilege 12099 Elevation of Privilege 20438 Elevation of Privilege 20437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20853 Elevation of Privilege 20854 Important 11923 Important 11572 Important 11569 Important 11568 Important 11924 Important 11571 Important 11929 Important 11930 Important 12097 Important 11931 Important 12098 Important 12437 Important 12099 Important 20438 Important 20437 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 20853 Important 20854 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20854 5094128 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094128 5087545 11923 11924 Yes Security Update 10.0.20348.5256 https://support.microsoft.com/help/5094128 11923 11924 5094128 5094128 https://support.microsoft.com/help/5094128 11923 11924 5094123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123 5087538 11572 11569 11568 11571 Yes Security Update 10.0.17763.8880 https://support.microsoft.com/help/5094123 11572 11569 11568 11571 5094123 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 11929 11930 11931 Yes Security Update 10.0.19044.7417 https://support.microsoft.com/help/5094127 11929 11930 11931 5094127 5094127 https://support.microsoft.com/help/5094127 11929 11930 12097 11931 12098 12099 5094127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127 5087544 12097 12098 12099 Yes Security Update 10.0.19045.7417 https://support.microsoft.com/help/5094127 12097 12098 12099 5094127 5094125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094125 12437 12436 Yes Security Update 10.0.26100.32995 https://support.microsoft.com/help/5094125 12437 12436 5094125 5094125 https://support.microsoft.com/help/5094125 12437 12436 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 20438 20437 Yes Security Update 10.0.26200.8655 https://support.microsoft.com/help/5094126 20438 20437 5094126 5093998 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998 5087420 12242 12243 Yes Security Update 10.0.22631.7219 https://support.microsoft.com/help/5093998 12242 12243 5093998 5094126 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094126 5089549 12389 12390 Yes Security Update 10.0.26100.8655 https://support.microsoft.com/help/5094126 12389 12390 5094126 5095051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5095051 20853 20854 Yes Security Update 10.0.28000.2269 https://support.microsoft.com/help/5095051 20853 20854 5095051 <a href="https://smlijun.github.io/">DongJun Kim</a> with <a href="https://www.enki.co.kr/">Enki WhiteHat</a> Thanatos Tian (HKPolyU) &amp; wgg &amp; @2st__ with Diffract &amp; Zhiniang Peng with HUST Vang3lis 1.0 2026-06-09T07:00:00 <p>Information published.</p> 1.1 2026-06-17T07:00:00 <p>Acknowledgement added. This is an informational change only.</p>