May 2026 Security Updates
Security Update
secure@microsoft.com
The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc.
2026-May
2026-May
Final
1.0
1486
2026-06-10T07:00:00
May 2026 Security Updates
2026-05-12T07:00:00
2026-06-10T07:00:00
<h2 id="this-release-consists-of-the-following-161-microsoft-cves">This release consists of the following 161 Microsoft CVEs:</h2>
<table>
<thead>
<tr>
<th>Tag</th>
<th>CVE</th>
<th>Base Score</th>
<th>CVSS Vector</th>
<th>Exploitability</th>
<th>FAQs?</th>
<th>Workarounds?</th>
<th>Mitigations?</th>
</tr>
</thead>
<tbody>
<tr>
<td>Windows Rich Text Edit</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21530">CVE-2026-21530</a></td>
<td>6.7</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Power Pages</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-23652">CVE-2026-23652</a></td>
<td>10.0</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Entra ID</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-23663">CVE-2026-23663</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>M365 Copilot</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-26129">CVE-2026-26129</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Compute Gallery</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-26147">CVE-2026-26147</a></td>
<td>7.7</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>M365 Copilot</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-26164">CVE-2026-26164</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Native WiFi Miniport Driver</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32161">CVE-2026-32161</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Rich Text Edit Control</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32170">CVE-2026-32170</a></td>
<td>6.7</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>.NET</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32175">CVE-2026-32175</a></td>
<td>4.3</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>.NET</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32177">CVE-2026-32177</a></td>
<td>7.3</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Teams</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32185">CVE-2026-32185</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Monitor Agent</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32204">CVE-2026-32204</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Machine Learning</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32207">CVE-2026-32207</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Filtering Platform (WFP)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32209">CVE-2026-32209</a></td>
<td>4.4</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Managed Instance for Apache Cassandra</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33109">CVE-2026-33109</a></td>
<td>9.9</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office SharePoint</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33110">CVE-2026-33110</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Copilot Chat (Microsoft Edge)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33111">CVE-2026-33111</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office SharePoint</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33112">CVE-2026-33112</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure SDK</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33117">CVE-2026-33117</a></td>
<td>9.1</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Dynamics 365 Customer Insights</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33821">CVE-2026-33821</a></td>
<td>7.7</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Teams</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33823">CVE-2026-33823</a></td>
<td>9.6</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Machine Learning</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33833">CVE-2026-33833</a></td>
<td>8.2</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Event Logging Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33834">CVE-2026-33834</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Cloud Files Mini Filter Driver</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33835">CVE-2026-33835</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows TCP/IP</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33837">CVE-2026-33837</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Message Queuing</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33838">CVE-2026-33838</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Win32K - GRFX</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33839">CVE-2026-33839</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Win32K - ICOMP</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33840">CVE-2026-33840</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Kernel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33841">CVE-2026-33841</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Azure Active Directory B2C</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33843">CVE-2026-33843</a></td>
<td>9.1</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Managed Instance for Apache Cassandra</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33844">CVE-2026-33844</a></td>
<td>9.0</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Partner Center</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-34327">CVE-2026-34327</a></td>
<td>8.2</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Message Queuing</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-34329">CVE-2026-34329</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Win32K - GRFX</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-34330">CVE-2026-34330</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Win32K - GRFX</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-34331">CVE-2026-34331</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Kernel-Mode Drivers</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-34332">CVE-2026-34332</a></td>
<td>8.0</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Win32K - GRFX</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-34333">CVE-2026-34333</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows TCP/IP</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-34334">CVE-2026-34334</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows DWM Core Library</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-34336">CVE-2026-34336</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Cloud Files Mini Filter Driver</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-34337">CVE-2026-34337</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Telephony Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-34338">CVE-2026-34338</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows LDAP - Lightweight Directory Access Protocol</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-34339">CVE-2026-34339</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Projected File System</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-34340">CVE-2026-34340</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Link-Layer Discovery Protocol (LLDP)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-34341">CVE-2026-34341</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Print Spooler Components</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-34342">CVE-2026-34342</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Application Identity (AppID) Subsystem</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-34343">CVE-2026-34343</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Ancillary Function Driver for WinSock</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-34344">CVE-2026-34344</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Ancillary Function Driver for WinSock</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-34345">CVE-2026-34345</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Win32K - GRFX</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-34347">CVE-2026-34347</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Storport Miniport Driver</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-34350">CVE-2026-34350</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows TCP/IP</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-34351">CVE-2026-34351</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Storage Spaces Controller</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-35415">CVE-2026-35415</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Ancillary Function Driver for WinSock</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-35416">CVE-2026-35416</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Win32K - ICOMP</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-35417">CVE-2026-35417</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Cloud Files Mini Filter Driver</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-35418">CVE-2026-35418</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows DWM Core Library</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-35419">CVE-2026-35419</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Kernel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-35420">CVE-2026-35420</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows GDI</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-35421">CVE-2026-35421</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows TCP/IP</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-35422">CVE-2026-35422</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Telnet Client</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-35423">CVE-2026-35423</a></td>
<td>5.4</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Internet Key Exchange (IKE) Protocol</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-35424">CVE-2026-35424</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Cloud Shell</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-35428">CVE-2026-35428</a></td>
<td>9.6</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Edge for Android</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-35429">CVE-2026-35429</a></td>
<td>4.3</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Privileged Identity Management (PIM)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-35430">CVE-2026-35430</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>.NET</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-35433">CVE-2026-35433</a></td>
<td>7.3</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure AI Foundry M365 published agents</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-35435">CVE-2026-35435</a></td>
<td>8.6</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Click-To-Run</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-35436">CVE-2026-35436</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Admin Center</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-35438">CVE-2026-35438</a></td>
<td>8.3</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office SharePoint</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-35439">CVE-2026-35439</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Word</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-35440">CVE-2026-35440</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office SharePoint</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40357">CVE-2026-40357</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40358">CVE-2026-40358</a></td>
<td>8.4</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40359">CVE-2026-40359</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40360">CVE-2026-40360</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40361">CVE-2026-40361</a></td>
<td>8.4</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40362">CVE-2026-40362</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40363">CVE-2026-40363</a></td>
<td>8.4</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Word</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40364">CVE-2026-40364</a></td>
<td>8.4</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office SharePoint</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40365">CVE-2026-40365</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Word</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40366">CVE-2026-40366</a></td>
<td>8.4</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Word</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40367">CVE-2026-40367</a></td>
<td>8.4</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office SharePoint</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40368">CVE-2026-40368</a></td>
<td>8.0</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Kernel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40369">CVE-2026-40369</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>SQL Server</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40370">CVE-2026-40370</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Power Automate</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40374">CVE-2026-40374</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Cryptographic Services</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40377">CVE-2026-40377</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Entra ID</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40379">CVE-2026-40379</a></td>
<td>9.3</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Volume Manager Extension Driver</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40380">CVE-2026-40380</a></td>
<td>6.2</td>
<td>CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Connected Machine Agent</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40381">CVE-2026-40381</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Telephony Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40382">CVE-2026-40382</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Common Log File System Driver</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40397">CVE-2026-40397</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Remote Desktop</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40398">CVE-2026-40398</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows TCP/IP</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40399">CVE-2026-40399</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows TCP/IP</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40401">CVE-2026-40401</a></td>
<td>7.1</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Hyper-V</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40402">CVE-2026-40402</a></td>
<td>9.3</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Win32K - GRFX</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40403">CVE-2026-40403</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows TCP/IP</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40405">CVE-2026-40405</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows TCP/IP</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40406">CVE-2026-40406</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Common Log File System Driver</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40407">CVE-2026-40407</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Kernel-Mode Drivers</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40408">CVE-2026-40408</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows SMB Client</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40410">CVE-2026-40410</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Virtual Network Gateway</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40411">CVE-2026-40411</a></td>
<td>9.9</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Orbital Spatio</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40412">CVE-2026-40412</a></td>
<td>10.0</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows TCP/IP</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40413">CVE-2026-40413</a></td>
<td>7.4</td>
<td>CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows TCP/IP</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40414">CVE-2026-40414</a></td>
<td>7.4</td>
<td>CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows TCP/IP</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40415">CVE-2026-40415</a></td>
<td>8.1</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40416">CVE-2026-40416</a></td>
<td>4.3</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Dynamics Business Central</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40417">CVE-2026-40417</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Click-To-Run</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40418">CVE-2026-40418</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40419">CVE-2026-40419</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Click-To-Run</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40420">CVE-2026-40420</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Word</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40421">CVE-2026-40421</a></td>
<td>4.3</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Admin Center</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41086">CVE-2026-41086</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Ancillary Function Driver for WinSock</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41088">CVE-2026-41088</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Netlogon</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41089">CVE-2026-41089</a></td>
<td>9.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Copilot</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41090">CVE-2026-41090</a></td>
<td>9.3</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Data Formulator</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41094">CVE-2026-41094</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Data Deduplication</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41095">CVE-2026-41095</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Windows DNS</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41096">CVE-2026-41096</a></td>
<td>9.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Secure Boot</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41097">CVE-2026-41097</a></td>
<td>6.7</td>
<td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>M365 Copilot</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41100">CVE-2026-41100</a></td>
<td>4.4</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Word</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41101">CVE-2026-41101</a></td>
<td>7.1</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office PowerPoint</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41102">CVE-2026-41102</a></td>
<td>7.1</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft SSO Plugin for Jira & Confluence</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41103">CVE-2026-41103</a></td>
<td>9.1</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Planetary Computer Pro</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41104">CVE-2026-41104</a></td>
<td>10.0</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Notification Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41105">CVE-2026-41105</a></td>
<td>8.1</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41107">CVE-2026-41107</a></td>
<td>7.4</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>GitHub Copilot and Visual Studio</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41109">CVE-2026-41109</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Visual Studio Code</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41610">CVE-2026-41610</a></td>
<td>6.3</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Visual Studio Code</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41611">CVE-2026-41611</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Visual Studio Code</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41612">CVE-2026-41612</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Visual Studio Code</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41613">CVE-2026-41613</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>M365 Copilot for Desktop</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41614">CVE-2026-41614</a></td>
<td>6.2</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Authenticator</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41615">CVE-2026-41615</a></td>
<td>9.6</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Local Disconnected Operations</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42822">CVE-2026-42822</a></td>
<td>10.0</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Logic Apps</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42823">CVE-2026-42823</a></td>
<td>9.9</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Telephony Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42825">CVE-2026-42825</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure DevOps</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42826">CVE-2026-42826</a></td>
<td>10.0</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>M365 Copilot</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42827">CVE-2026-42827</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Monitor Agent</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42830">CVE-2026-42830</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42831">CVE-2026-42831</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42832">CVE-2026-42832</a></td>
<td>7.7</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Dynamics 365 (on-premises)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42833">CVE-2026-42833</a></td>
<td>9.1</td>
<td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Portal Windows Admin Center</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42834">CVE-2026-42834</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42838">CVE-2026-42838</a></td>
<td>5.4</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42891">CVE-2026-42891</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>M365 Copilot</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42893">CVE-2026-42893</a></td>
<td>7.4</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows DWM Core Library</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42896">CVE-2026-42896</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Exchange Server</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42897">CVE-2026-42897</a></td>
<td>8.1</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C</td>
<td>Exploitation Detected</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Dynamics 365 (on-premises)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42898">CVE-2026-42898</a></td>
<td>9.9</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>ASP.NET Core</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42899">CVE-2026-42899</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Entra ID</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42901">CVE-2026-42901</a></td>
<td>10.0</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45492">CVE-2026-45492</a></td>
<td></td>
<td></td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45494">CVE-2026-45494</a></td>
<td>5.4</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45495">CVE-2026-45495</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Defender</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45498">CVE-2026-45498</a></td>
<td>4.0</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C</td>
<td>Exploitation Detected</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Defender</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45584">CVE-2026-45584</a></td>
<td>8.1</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows BitLocker</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45585">CVE-2026-45585</a></td>
<td>6.8</td>
<td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office SharePoint</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45659">CVE-2026-45659</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Resource Manager (ARM)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47280">CVE-2026-47280</a></td>
<td>10.0</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office SharePoint</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47294">CVE-2026-47294</a></td>
<td>8.0</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
</tbody>
</table>
<h2 id="we-are-republishing-369-non-microsoft-cves-chrome-cves-not-listed">We are republishing 369 non-Microsoft CVEs (Chrome CVEs not listed):</h2>
<table>
<thead>
<tr>
<th>CNA</th>
<th>Tag</th>
<th>CVE</th>
<th>FAQs?</th>
<th>Workarounds?</th>
<th>Mitigations?</th>
</tr>
</thead>
<tbody>
<tr>
<td>AMD</td>
<td>AMD CPU Branch</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54518">CVE-2025-54518</a></td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
</tbody>
</table>
<h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2>
<table>
<thead>
<tr>
<th>Date</th>
<th>Blog Post</th>
</tr>
</thead>
<tbody>
<tr>
<td>October 31, 2025</td>
<td><a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/introducing-new-features-improved-security-experience">You asked, we delivered: Introducing new features for an improved security experience</a></td>
</tr>
<tr>
<td>October 28, 2025</td>
<td><a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/understanding-cve-2025-55315">Understanding CVE-2025-55315: What CISOs, security engineers, and sysadmins should know</a></td>
</tr>
<tr>
<td>October 22, 2025</td>
<td><a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">Toward greater transparency: Introducing machine-readable Vulnerability Exploitability Xchange (VEX) for Azure Linux and beyond</a></td>
</tr>
<tr>
<td>November 12, 2024</td>
<td><a href="https://aka.ms/MSRC-CSAF-Blog">Toward greater transparency: Publishing machine-readable CSAF files</a></td>
</tr>
<tr>
<td>June 27, 2024</td>
<td><a href="https://msrc.microsoft.com/blog/2024/06/toward-greater-transparency-unveiling-cloud-service-cves/">Toward greater transparency: Unveiling Cloud Service CVEs</a></td>
</tr>
<tr>
<td>April 9, 2024</td>
<td><a href="https://aka.ms/MSRC-CWE-Blog">Toward greater transparency: Security Update Guide now shares CWEs for CVEs</a></td>
</tr>
<tr>
<td>January 6, 2023</td>
<td><a href="https://msrc.microsoft.com/blog/2023/01/publishing-cbl-mariner-cves-on-the-security-update-guide-cvrf-api/">Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API</a></td>
</tr>
<tr>
<td>January 11, 2022</td>
<td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td>
</tr>
<tr>
<td>February 9, 2021</td>
<td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td>
</tr>
<tr>
<td>January 13, 2021</td>
<td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td>
</tr>
<tr>
<td>December 8, 2020</td>
<td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td>
</tr>
<tr>
<td>November 9, 2020</td>
<td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td>
</tr>
</tbody>
</table>
<h2 id="relevant-resources">Relevant Resources</h2>
<ul>
<li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li>
<li>Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li>
<li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li>
<li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li>
<li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li>
<li>Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li>
</ul>
<h2 id="known-issues">Known Issues</h2>
<p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p>
<p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p>
<table>
<thead>
<tr>
<th>KB Article</th>
<th>Applies To</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://support.microsoft.com/help/5087420">5087420</a></td>
<td>Windows 11, version 23H2</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5087539">5087539</a></td>
<td>Windows Server 2025</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5087541">5087541</a></td>
<td>Windows Server 2022 23H2</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5087545">5087545</a></td>
<td>Windows Server 2022</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5089549">5089549</a></td>
<td>Windows 11 version 25H2, Windows 11 version 24H2</td>
</tr>
</tbody>
</table>
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Microsoft Entra ID
Azure Machine Learning
Azure Managed Instance for Apache Cassandra
Azure Orbital Spatio
Azure Privileged Identity Management (PIM)
Azure Virtual Network Gateway
Azure Resource Manager
Azure Stack HCI
Azure Monitor Agent
Azure SDK for Java
Windows Admin Center in Azure Portal
Azure Connected Machine Agent
Microsoft JIRA SAML SSO plugin
Microsoft Confluence SAML SSO plugin
Azure Logic Apps
Azure Monitor Agent Metrics Extension
Azure Local
Microsoft Partner Center
Azure Cloud Shell
Azure AI Foundry
Azure Monitor Action Group notification system
Microsoft Global Secure Access (GSA)
Microsoft Power Pages
Power Automate for Desktop
Microsoft Dynamics 365 Business Central 2026 Release Wave 1
Microsoft Dynamics 365 Business Central Release Wave 1 2025
Microsoft Dynamics 365 Business Central Release Wave 2 2025
Microsoft Dynamics 365 Business Central 2024 Release Wave 2
Microsoft Dynamics 365 (on-premises) version 9.1
Dynamics 365 Customer Insights
Microsoft 365 Copilot
Microsoft 365 Copilot for iOS
Microsoft Word for Android
M365 Copilot for Desktop
Microsoft Authenticator for Android
Microsoft Authenticator for IOS
Microsoft 365 Copilot's Business Chat
Microsoft 365 Copilot for Android
Microsoft Edge (Chromium-based)
Microsoft Edge for Android
Copilot Chat (Microsoft Edge)
.NET 10.0 installed on Windows
.NET 8.0 installed on Windows
.NET 9.0 installed on Windows
Microsoft Visual Studio 2022 version 17.12
Microsoft Visual Studio 2022 version 17.14
Microsoft Visual Studio 2026 version 18.5
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems
Microsoft .NET Framework 4.8 on Windows Server 2016
Microsoft .NET Framework 4.8 on Windows Server 2012
Microsoft .NET Framework 4.8 on Windows Server 2012 R2
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 25H2 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 25H2 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 26H1 for x64-based Systems - extra
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 24H2 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 24H2 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2025
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 26H1 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 26H1 for ARM64-based Systems
Microsoft .NET Framework 3.5 on Windows Server 2012
Microsoft .NET Framework 3.5 on Windows Server 2012 R2
Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for ARM64-based Systems
Microsoft Data Formulator
Visual Studio Code
Visual Studio Code - Live Preview extension
.NET 9.0 installed on Linux
.NET 8.0 installed on Mac OS
.NET 8.0 installed on Linux
.NET 9.0 installed on Mac OS
.NET 10.0 installed on Mac OS
.NET 10.0 installed on Linux
Azure DevOps
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows Server 2025 (Server Core installation)
Windows 11 Version 25H2 for ARM64-based Systems
Windows 11 Version 25H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Windows Server 2025
Windows 11 version 26H1 for x64-based Systems
Windows 11 Version 26H1 for ARM64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows 11 Version 26H1 for x64-based Systems - extra
Windows Admin Center
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 14
Microsoft Exchange Server 2019 Cumulative Update 15
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019
Microsoft SharePoint Server Subscription Edition
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2024 for 32-bit editions
Microsoft Office LTSC 2024 for 64-bit editions
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Office Online Server
Microsoft Office LTSC for Mac 2021
Microsoft Office LTSC for Mac 2024
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Office for Android
Microsoft PowerPoint for Android
Microsoft Teams for Android
Microsoft Excel for Android
Microsoft Outlook for iOS
Microsoft Teams
Microsoft Loop for Android
Microsoft OneNote for Android
Microsoft Exchange Server Subscription Edition RTM
Microsoft Defender Antimalware Platform
Microsoft Malware Protection Engine
Microsoft SQL Server 2025 for x64-based Systems (CU4)
Microsoft SQL Server 2022 for x64-based Systems (CU 24)
Microsoft SQL Server 2017 for x64-based Systems (GDR)
Microsoft SQL Server 2019 for x64-based Systems (GDR)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack
Microsoft SQL Server 2017 for x64-based Systems (CU 31)
Microsoft SQL Server 2022 for x64-based Systems (GDR)
Microsoft SQL Server 2025 for x64-based Systems (GDR)
Microsoft SQL Server 2019 for x64-based Systems (CU 32)
Microsoft Planetary Computer Pro (GeoCatalog)
azl3 kernel 6.6.134.1-2 on Azure Linux 3.0
azl3 kernel 6.6.138.1-1 on Azure Linux 3.0
azl3 kernel 6.6.137.1-2 on Azure Linux 3.0
azl3 kernel 6.6.139.1-1 on Azure Linux 3.0
cbl2 kernel 5.15.202.1-1 on CBL Mariner 2.0
azl3 coredns 1.11.4-15 on Azure Linux 3.0
cbl2 prometheus 2.37.9-7 on CBL Mariner 2.0
azl3 telegraf 1.31.0-19 on Azure Linux 3.0
azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0
azl3 frr 10.5.0-3 on Azure Linux 3.0
azl3 ruby 3.3.5-8 on Azure Linux 3.0
azl3 cmake 3.30.3-13 on Azure Linux 3.0
azl3 python3 3.12.9-10 on Azure Linux 3.0
azl3 expat 2.6.4-6 on Azure Linux 3.0
azl3 qtsvg 6.6.1-3 on Azure Linux 3.0
azl3 python-mako 1.2.4-3 on Azure Linux 3.0
azl3 curl 8.11.1-6 on Azure Linux 3.0
azl3 gnutls 3.8.3-8 on Azure Linux 3.0
azl3 libyang 2.1.148-1 on Azure Linux 3.0
azl3 postgresql 16.12-1 on Azure Linux 3.0
azl3 rust 1.75.0-28 on Azure Linux 3.0
azl3 nginx 1.28.3-1 on Azure Linux 3.0
azl3 clamav 1.5.2-2 on Azure Linux 3.0
azl3 cloud-hypervisor 51.1.56-1 on Azure Linux 3.0
azl3 python-cryptography 42.0.5-4 on Azure Linux 3.0
azl3 rpm-ostree 2024.4-10 on Azure Linux 3.0
azl3 rust 1.90.0-7 on Azure Linux 3.0
azl3 rust-afterburn 5.8.2-1 on Azure Linux 3.0
azl3 trident 0.22.0-1 on Azure Linux 3.0
azl3 python-urllib3 2.0.7-4 on Azure Linux 3.0
azl3 rsync 3.4.1-2 on Azure Linux 3.0
azl3 memcached 1.6.27-4 on Azure Linux 3.0
azl3 unbound 1.19.1-5 on Azure Linux 3.0
azl3 rabbitmq-server 3.13.7-3 on Azure Linux 3.0
azl3 bind 9.20.21-1 on Azure Linux 3.0
azl3 haveged 1.9.17-1 on Azure Linux 3.0
azl3 perl 5.38.2-509 on Azure Linux 3.0
cbl2 ceph 16.2.10-11 on CBL Mariner 2.0
cbl2 httpd 2.4.66-1 on CBL Mariner 2.0
azl3 httpd 2.4.66-1 on Azure Linux 3.0
azl3 valkey 8.0.7-1 on Azure Linux 3.0
azl3 pgbouncer 1.25.1-1 on Azure Linux 3.0
azl3 vim 9.2.0392-1 on Azure Linux 3.0
azl3 python-mistune 3.0.2-1 on Azure Linux 3.0
azl3 simdjson 3.11.6-2 on Azure Linux 3.0
azl3 dnsmasq 2.90-1 on Azure Linux 3.0
azl3 kernel-hwe 6.12.0.0-1 on Azure Linux 3.0
azl3 etcd 3.5.28-1 on Azure Linux 3.0
azl3 thrift 0.15.0-5 on Azure Linux 3.0
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Windows Server 2016
Office Online Server
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016 (Server Core installation)
Microsoft SharePoint Enterprise Server 2016
Microsoft SQL Server 2017 for x64-based Systems (GDR)
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft SharePoint Server 2019
Visual Studio Code
Windows Admin Center
Microsoft .NET Framework 4.8 on Windows Server 2012
Microsoft .NET Framework 4.8 on Windows Server 2012 R2
Microsoft .NET Framework 4.8 on Windows Server 2016
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems
Microsoft Edge (Chromium-based)
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022
Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019
Microsoft Outlook for iOS
Microsoft Teams
Microsoft Defender Antimalware Platform
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Word for Android
Microsoft Edge for Android
Azure SDK for Java
Microsoft SQL Server 2019 for x64-based Systems (GDR)
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2
Microsoft Malware Protection Engine
Microsoft Dynamics 365 (on-premises) version 9.1
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Microsoft Office LTSC for Mac 2021
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft SharePoint Server Subscription Edition
Azure DevOps
Microsoft Teams for Android
Microsoft Excel for Android
Microsoft PowerPoint for Android
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 24H2 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 24H2 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2025
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 25H2 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 25H2 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 26H1 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 26H1 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 26H1 for x64-based Systems - extra
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Microsoft SQL Server 2017 for x64-based Systems (CU 31)
Microsoft SQL Server 2022 for x64-based Systems (GDR)
Azure Machine Learning
Microsoft OneNote for Android
Microsoft Office for Android
Azure Logic Apps
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Azure Connected Machine Agent
Microsoft Authenticator for Android
Microsoft Exchange Server 2019 Cumulative Update 14
Azure Monitor Agent
Dynamics 365 Customer Insights
Microsoft Entra ID
Azure Managed Instance for Apache Cassandra
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Azure Stack HCI
Power Automate for Desktop
.NET 8.0 installed on Windows
.NET 8.0 installed on Linux
.NET 8.0 installed on Mac OS
Microsoft Office LTSC 2024 for 32-bit editions
Microsoft Office LTSC 2024 for 64-bit editions
Microsoft Partner Center
.NET 9.0 installed on Linux
.NET 9.0 installed on Mac OS
.NET 9.0 installed on Windows
Windows Server 2025
Windows Server 2025 (Server Core installation)
Microsoft Office LTSC for Mac 2024
Azure Resource Manager
Microsoft Visual Studio 2022 version 17.12
Microsoft Power Pages
Microsoft Exchange Server 2019 Cumulative Update 15
Azure AI Foundry
Windows Admin Center in Azure Portal
Microsoft 365 Copilot
Microsoft Visual Studio 2022 version 17.14
Microsoft SQL Server 2019 for x64-based Systems (CU 32)
Microsoft 365 Copilot's Business Chat
Microsoft Exchange Server Subscription Edition RTM
azl3 thrift 0.15.0-5 on Azure Linux 3.0
azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0
azl3 perl 5.38.2-509 on Azure Linux 3.0
Windows 11 Version 25H2 for ARM64-based Systems
Windows 11 Version 25H2 for x64-based Systems
azl3 rabbitmq-server 3.13.7-3 on Azure Linux 3.0
cbl2 ceph 16.2.10-11 on CBL Mariner 2.0
azl3 rsync 3.4.1-2 on Azure Linux 3.0
azl3 unbound 1.19.1-5 on Azure Linux 3.0
Microsoft SQL Server 2025 for x64-based Systems (GDR)
azl3 python-urllib3 2.0.7-4 on Azure Linux 3.0
.NET 10.0 installed on Windows
.NET 10.0 installed on Mac OS
.NET 10.0 installed on Linux
Azure Local
Windows 11 version 26H1 for x64-based Systems
Windows 11 Version 26H1 for ARM64-based Systems
azl3 gnutls 3.8.3-8 on Azure Linux 3.0
Microsoft Authenticator for IOS
cbl2 prometheus 2.37.9-7 on CBL Mariner 2.0
Microsoft 365 Copilot for iOS
Microsoft 365 Copilot for Android
Microsoft Global Secure Access (GSA)
Azure Cloud Shell
azl3 valkey 8.0.7-1 on Azure Linux 3.0
Microsoft SQL Server 2022 for x64-based Systems (CU 24)
cbl2 kernel 5.15.202.1-1 on CBL Mariner 2.0
azl3 python3 3.12.9-10 on Azure Linux 3.0
azl3 cmake 3.30.3-13 on Azure Linux 3.0
azl3 python-cryptography 42.0.5-4 on Azure Linux 3.0
azl3 coredns 1.11.4-15 on Azure Linux 3.0
azl3 etcd 3.5.28-1 on Azure Linux 3.0
Windows 11 Version 26H1 for x64-based Systems - extra
azl3 curl 8.11.1-6 on Azure Linux 3.0
azl3 cloud-hypervisor 51.1.56-1 on Azure Linux 3.0
azl3 httpd 2.4.66-1 on Azure Linux 3.0
azl3 dnsmasq 2.90-1 on Azure Linux 3.0
azl3 trident 0.22.0-1 on Azure Linux 3.0
Microsoft Visual Studio 2026 version 18.5
Microsoft JIRA SAML SSO plugin
azl3 kernel 6.6.134.1-2 on Azure Linux 3.0
azl3 rust 1.75.0-28 on Azure Linux 3.0
azl3 rpm-ostree 2024.4-10 on Azure Linux 3.0
azl3 clamav 1.5.2-2 on Azure Linux 3.0
azl3 telegraf 1.31.0-19 on Azure Linux 3.0
azl3 rust 1.90.0-7 on Azure Linux 3.0
azl3 expat 2.6.4-6 on Azure Linux 3.0
Microsoft SQL Server 2025 for x64-based Systems (CU4)
Copilot Chat (Microsoft Edge)
azl3 rust-afterburn 5.8.2-1 on Azure Linux 3.0
M365 Copilot for Desktop
Microsoft Data Formulator
Azure Monitor Agent Metrics Extension
Azure Monitor Action Group notification system
Microsoft Planetary Computer Pro (GeoCatalog)
azl3 kernel 6.6.137.1-2 on Azure Linux 3.0
azl3 python-mako 1.2.4-3 on Azure Linux 3.0
azl3 ruby 3.3.5-8 on Azure Linux 3.0
azl3 frr 10.5.0-3 on Azure Linux 3.0
Azure Orbital Spatio
cbl2 httpd 2.4.66-1 on CBL Mariner 2.0
Microsoft Confluence SAML SSO plugin
Microsoft Dynamics 365 Business Central 2024 Release Wave 2
Microsoft Dynamics 365 Business Central Release Wave 1 2025
Microsoft Dynamics 365 Business Central Release Wave 2 2025
Microsoft Dynamics 365 Business Central 2026 Release Wave 1
azl3 pgbouncer 1.25.1-1 on Azure Linux 3.0
azl3 vim 9.2.0392-1 on Azure Linux 3.0
azl3 python-mistune 3.0.2-1 on Azure Linux 3.0
azl3 kernel 6.6.138.1-1 on Azure Linux 3.0
Visual Studio Code - Live Preview extension
azl3 qtsvg 6.6.1-3 on Azure Linux 3.0
Azure Virtual Network Gateway
azl3 simdjson 3.11.6-2 on Azure Linux 3.0
azl3 libyang 2.1.148-1 on Azure Linux 3.0
azl3 postgresql 16.12-1 on Azure Linux 3.0
azl3 nginx 1.28.3-1 on Azure Linux 3.0
azl3 kernel 6.6.139.1-1 on Azure Linux 3.0
Azure Privileged Identity Management (PIM)
azl3 kernel-hwe 6.12.0.0-1 on Azure Linux 3.0
azl3 memcached 1.6.27-4 on Azure Linux 3.0
azl3 bind 9.20.21-1 on Azure Linux 3.0
azl3 haveged 1.9.17-1 on Azure Linux 3.0
Microsoft Loop for Android
Microsoft .NET Framework 3.5 on Windows Server 2012
Microsoft .NET Framework 3.5 on Windows Server 2012 R2
Azure Entra ID Spoofing Vulnerability
<p>Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Azure Entra ID
Microsoft
No
CVE-2026-40379
Exposure of Sensitive Information to an Unauthorized Actor
12383
Spoofing
12383
Critical
12383
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
9.3
8.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C
12383
Sridhar Periyasamy
Thomas Knudson
1.0
2026-05-07T07:00:00
<p>Information published.</p>
1.1
2026-05-15T07:00:00
<p>Corrected CVE title. This is an informational change only.</p>
Azure Machine Learning Notebook Spoofing Vulnerability
<p>Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Azure Machine Learning
Microsoft
No
CVE-2026-32207
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
12152
Spoofing
12152
Critical
12152
Publicly Disclosed:No;Exploited:No
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12152
Jianyang Song
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability
<p>Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Azure Managed Instance for Apache Cassandra
Microsoft
No
CVE-2026-33109
Improper Access Control
12387
Remote Code Execution
12387
Critical
12387
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
9.9
8.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12387
Sharath Unni
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Azure Orbital Spatio Remote Code Execution Vulnerability
<p>Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Azure Orbital Spatio
Microsoft
No
CVE-2026-40412
Unrestricted Upload of File with Dangerous Type
21320
Remote Code Execution
21320
Critical
21320
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
10.0
8.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
21320
Michal Kamensky with Microsoft
1.0
2026-05-21T07:00:00
<p>Information published.</p>
Microsoft Power Pages Remote Code Execution Vulnerability
<p>Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Microsoft Power Pages
Microsoft
No
CVE-2026-23652
Improper Neutralization of Special Elements used in a Command ('Command Injection')
12497
Remote Code Execution
12497
Critical
12497
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
10.0
8.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12497
<a href="https://nl.linkedin.com/in/erik-donker-50a887bb">Erik Donker</a> with Microsoft
1.0
2026-05-21T07:00:00
<p>Information published.</p>
Azure Privileged Identity Management (PIM) Elevation of Privilege Vulnerability
<p>Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Azure Privileged Identity Management (PIM)
Microsoft
No
CVE-2026-35430
Authorization Bypass Through User-Controlled Key
21345
Elevation of Privilege
21345
Critical
21345
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
21345
Sridhar Periyasamy with Microsoft
1.0
2026-05-21T07:00:00
<p>Information published.</p>
Azure Virtual Network Gateway Remote Code Execution Vulnerability
<p>Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Azure Virtual Network Gateway
Microsoft
No
CVE-2026-40411
Improper Input Validation
21336
Remote Code Execution
21336
Critical
21336
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
9.9
8.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
21336
Shay Shavit with Microsoft
1.0
2026-05-21T07:00:00
<p>Information published.</p>
Azure Resource Manager Elevation of Privilege Vulnerability
<p>Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Azure Resource Manager (ARM)
Microsoft
No
CVE-2026-47280
Improper Authentication
12443
Elevation of Privilege
12443
Critical
12443
Publicly Disclosed:No;Exploited:No
10.0
8.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12443
Sridhar Periyasamy
1.0
2026-05-21T07:00:00
<p>Information published.</p>
M365 Copilot Information Disclosure Vulnerability
<p>Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
M365 Copilot
Microsoft
No
CVE-2026-42827
Improper Neutralization of Special Elements used in a Command ('Command Injection')
16765
Information Disclosure
16765
Critical
16765
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
16765
Microsoft Office Security Team
1.0
2026-05-21T07:00:00
<p>Information published.</p>
Microsoft Copilot Tampering Vulnerability
<p>Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Microsoft Copilot
Microsoft
No
CVE-2026-41090
Improper Neutralization of Special Elements used in a Command ('Command Injection')
21043
Tampering
21043
Critical
21043
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
9.3
8.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C
21043
Ofek Levin Enclave with <a href="https://enclave.ai/">Enclave</a>
1.0
2026-05-21T07:00:00
<p>Information published.</p>
Azure Stack HCI Information Disclosure Vulnerability
<p>Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Azure Compute Gallery
Microsoft
No
CVE-2026-26147
Improper Input Validation
12394
Information Disclosure
12394
Critical
12394
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
7.7
6.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
12394
Michal Kamensky with Microsoft
1.0
2026-05-21T07:00:00
<p>Information published.</p>
Microsoft Azure Active Directory B2C Elevation of Privilege Vulnerability
<p>Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Microsoft Azure Active Directory B2C
Microsoft
No
CVE-2026-33843
Authentication Bypass Using an Alternate Path or Channel
12383
Elevation of Privilege
12383
Critical
12383
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
9.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
12383
<a href="https://securesaml.com/">Alexander Tan</a> with SecureSAML
1.0
2026-05-21T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-9974 Out of bounds write in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.97</td>
<td>05/31/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9974
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.97
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-31T07:00:07
<p>Information published.</p>
Azure Monitor Agent Elevation of Privilege Vulnerability
<p>External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could an attacker gain with successful exploitation?</strong></p>
<p>An attacker who successfully exploited the vulnerability could elevate their privileges to 'root' user.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could send specially crafted configuration messages to a locally running Azure Monitor Agent service that does not strictly validate incoming requests. By doing so, the attacker may be able to write files on the affected system, which could then be used to run unauthorized code.</p>
Azure Monitor Agent
Microsoft
Yes
CVE-2026-32204
External Control of File Name or Path
12331
Elevation of Privilege
12331
Important
12331
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12331
Release Notes
12331
No
Security Update
1.14.0
https://eng.ms/docs/products/geneva/collect/references/amacoreagent/release-notes
12331
Release Notes
P1hcn
1.0
2026-05-12T07:00:00
<p>Information published.</p>
.NET Elevation of Privilege Vulnerability
<p>Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain ELEVATED privileges, which may allow them to perform actions beyond their original permissions.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and integrity (I:H), and some loss of availability (A:L). What does that mean for this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could view sensitive information (Confidentiality) and modify code in the repo, (Integrity), and they might be able to interfere with availability of the code (Availability).</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Exploitation of this vulnerability requires that a user trigger the payload in the application.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and integrity (I:H), and some loss of availability (A:L). What does that mean for this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could view sensitive information such as other user's credentials (Confidentiality) and make changes to file contents on the target server (Integrity), and they might be able to force a crash (Availability).</p>
.NET
Microsoft
Yes
CVE-2026-32177
Heap-based Buffer Overflow
Improper Input Validation
20837
12414
12434
12459
16767
21244
11650-10853
11650-10816
11650-10378
11650-10483
11676-11569
11676-11570
11676-11571
11676-11923
11676-11931
11676-12097
11676-12098
11677-11569
11677-11570
11677-11571
11863-10378
11863-10483
12079-11923
12079-11930
12079-12086
12079-12097
12079-12098
12079-20437
12079-20438
12079-21196
12079-12243
12079-12389
12079-12390
12079-12436
12079-20853
12079-20854
2472-10378
2472-10483
Elevation of Privilege
20837
Elevation of Privilege
12414
Elevation of Privilege
12434
Elevation of Privilege
12459
Elevation of Privilege
16767
Elevation of Privilege
21244
Elevation of Privilege
11650-10853
Elevation of Privilege
11650-10816
Elevation of Privilege
11650-10378
Elevation of Privilege
11650-10483
Elevation of Privilege
11676-11569
Elevation of Privilege
11676-11570
Elevation of Privilege
11676-11571
Elevation of Privilege
11676-11923
Elevation of Privilege
11676-11931
Elevation of Privilege
11676-12097
Elevation of Privilege
11676-12098
Elevation of Privilege
11677-11569
Elevation of Privilege
11677-11570
Elevation of Privilege
11677-11571
Elevation of Privilege
11863-10378
Elevation of Privilege
11863-10483
Elevation of Privilege
12079-11923
Elevation of Privilege
12079-11930
Elevation of Privilege
12079-12086
Elevation of Privilege
12079-12097
Elevation of Privilege
12079-12098
Elevation of Privilege
12079-20437
Elevation of Privilege
12079-20438
Elevation of Privilege
12079-21196
Elevation of Privilege
12079-12243
Elevation of Privilege
12079-12389
Elevation of Privilege
12079-12390
Elevation of Privilege
12079-12436
Elevation of Privilege
12079-20853
Elevation of Privilege
12079-20854
Elevation of Privilege
2472-10378
Elevation of Privilege
2472-10483
Important
20837
Important
12414
Important
12434
Important
12459
Important
16767
Important
21244
Important
11650-10853
Important
11650-10816
Important
11650-10378
Important
11650-10483
Important
11676-11569
Important
11676-11570
Important
11676-11571
Important
11676-11923
Important
11676-11931
Important
11676-12097
Important
11676-12098
Important
11677-11569
Important
11677-11570
Important
11677-11571
Important
11863-10378
Important
11863-10483
Important
12079-11923
Important
12079-11930
Important
12079-12086
Important
12079-12097
Important
12079-12098
Important
12079-20437
Important
12079-20438
Important
12079-21196
Important
12079-12243
Important
12079-12389
Important
12079-12390
Important
12079-12436
Important
12079-20853
Important
12079-20854
Important
2472-10378
Important
2472-10483
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
20837
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12414
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12434
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12459
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
16767
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
21244
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11650-10853
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11650-10816
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11650-10378
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11650-10483
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11676-11569
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11676-11570
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11676-11571
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11676-11923
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11676-11931
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11676-12097
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11676-12098
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11677-11569
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11677-11570
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11677-11571
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11863-10378
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11863-10483
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12079-11923
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12079-11930
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12079-12086
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12079-12097
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12079-12098
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12079-20437
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12079-20438
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12079-21196
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12079-12243
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12079-12389
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12079-12390
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12079-12436
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12079-20853
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12079-20854
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
2472-10378
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
2472-10483
5093446
https://dotnet.microsoft.com/download/dotnet/10.0
20837
Maybe
Security Update
10.0.8
https://support.microsoft.com/help/5093446
20837
5093446
5093447
https://dotnet.microsoft.com/download/dotnet/8.0
12414
Maybe
Security Update
8.0.27
https://support.microsoft.com/help/5093447
12414
5093447
5093448
https://dotnet.microsoft.com/download/dotnet/9.0
12434
Maybe
Security Update
9.0.16
https://support.microsoft.com/help/5093448
12434
5093448
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12
12459
Maybe
Security Update
17.12.20
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.12
12459
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.14
16767
Maybe
Security Update
17.14.32
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
16767
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2026 version 18.4
21244
Maybe
Security Update
18.5.3
https://learn.microsoft.com/en-us/visualstudio/releases/2026/release-notes
21244
Release Notes
5087065
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087065
11650-10853
11650-10816
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087065
11650-10853
11650-10816
5087065
5087067
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087067
11650-10378
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087067
11650-10378
5087067
5087069
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087069
11650-10483
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087069
11650-10483
5087069
5087066
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087066
11676-11569
11676-11570
11676-11571
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087066
11676-11569
11676-11570
11676-11571
5087066
5087068
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087068
11676-11923
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087068
11676-11923
5087068
5087064
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087064
11676-11931
11676-12097
11676-12098
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087064
11676-11931
11676-12097
11676-12098
5087064
5087061
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087061
11677-11569
11677-11570
11677-11571
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087061
11677-11569
11677-11570
11677-11571
5087061
5087062
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087062
11863-10378
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087062
11863-10378
5087062
5087063
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087063
11863-10483
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087063
11863-10483
5087063
5087059
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087059
12079-11923
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087059
12079-11923
5087059
5087053
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087053
12079-11930
12079-12097
12079-12098
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087053
12079-11930
12079-12097
12079-12098
5087053
5087058
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087058
12079-12086
12079-12243
Yes
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087058
12079-12086
12079-12243
5087058
5087051
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087051
12079-20437
12079-20438
12079-12436
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087051
12079-20437
12079-20438
12079-12436
5087051
5087055
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087055
12079-21196
12079-20853
12079-20854
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087055
12079-21196
12079-20853
12079-20854
5087055
5087054
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087054
12079-12389
12079-12390
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087054
12079-12389
12079-12390
5087054
5087048
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087048
2472-10378
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087048
2472-10378
5087048
5087049
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087049
2472-10483
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087049
2472-10483
5087049
Ky0toFu
3.0
2026-05-18T07:00:00
<p>Removed incorrectly added rows from the Security Updates table. This is an informational change only.</p>
4.0
2026-06-05T07:00:00
<p>This CVE was updated to fix the download links for .NET Framework 3.8 & 4.81 installed on Windows Server 2025. Microsoft recommend installing the security update if you haven't done so already.</p>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
2.0
2026-05-14T07:00:00
<p>Updated links to the .NET Framework security updates. Customers running these versions of .NET Framework are encouraged to install the updates for the indicated versions to be protected from this vulnerability.</p>
Azure SDK for Java Security Feature Bypass Vulnerability
<p>The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted encrypted input may bypass integrity verification checks. Operations delegated to the Key Vault service are not affected. The issue is addressed in version 4.10.6.</p>
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability could allow an attacker to bypass the integrity protection provided by the authentication tag that is designed to detect tampering with encrypted data. This may prevent the system from identifying whether encrypted content has been modified before it is decrypted.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could exploit this vulnerability by sending specially crafted encrypted data to an affected application that uses the vulnerable decryption implementation and observing how the application responds. If the application is reachable over a network, this could allow the attacker to manipulate encrypted input in a way that bypasses integrity checks during decryption.</p>
Azure SDK
Microsoft
Yes
CVE-2026-33117
Improper Authentication
Improper Verification of Cryptographic Signature
11817
Security Feature Bypass
11817
Important
11817
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
9.1
7.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11817
Release Notes
https://central.sonatype.com/artifact/com.azure/azure-security-keyvault-keys/4.10.6
11817
No
Security Update
4.10.6
https://github.com/Azure/azure-sdk-for-java/pull/48476
11817
Release Notes
sho odagiri with <a href="https://gmo-cybersecurity.com/">GMO CyberSecurity by ierae inc</a>
1.1
2026-05-22T07:00:00
<p>The executive summary has been updated to include additional details about this vulnerability. This change does not affect the available security updates. Customers should install the recommended updates to remain protected from this vulnerability.</p>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Event Logging Service Elevation of Privilege Vulnerability
<p>Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Event Logging Service
Microsoft
Yes
CVE-2026-33834
Improper Access Control
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
<a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities & Mitigations
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Win32k Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Win32K - GRFX
Microsoft
Yes
CVE-2026-33839
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
Anonymous
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Kernel Elevation of Privilege Vulnerability
<p>Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level or a High Integrity Level.</p>
<p>Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer isolation</a> and <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control">Mandatory Integrity Control</a> for more information.</p>
Windows Kernel
Microsoft
Yes
CVE-2026-33841
Heap-based Buffer Overflow
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20854
21196
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20854
Elevation of Privilege
21196
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20854
Important
21196
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
21196
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20854
21196
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20854
21196
5089548
<a href="https://www.linkedin.com/in/boolgombear/">Minjea Park</a> with <a href="https://stealien.com/main">Stealien</a>
Kentaro Kawane with GMO Cybersecurity by Ierae, Inc.
Anonymous
Andrew Fasano with <a href="https://nist.gov/caisi">NIST Center for AI Standards and Innovation</a>
Andrew Fasano with <a href="https://nist.gov/caisi">NIST Center for AI Standards and Innovation</a>
<a href="https://www.linkedin.com/in/p1nkjelly/">Minwoo Jeong (P1nkjelly)</a> with <a href="https://hacking.kaist.ac.kr/">KAIST Hacking Lab</a>
<a href="https://x.com/r0keb">r0keb</a> with <a href="https://calif.io/">Calif</a>
<a href="https://x.com/r0keb">r0keb</a> with <a href="https://calif.io/">Calif</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
1.1
2026-06-05T07:00:00
<p>Updated an acknowledgement. This is an informational change only.</p>
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could send a specially crafted message over the network to a system running the Windows Message Queuing (MSMQ) service. This message is processed by the MSMQ service and triggers a memory corruption condition, which could allow the attacker to run code on the affected system.</p>
<p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p>
<p>This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.</p>
Windows Message Queuing
Microsoft
Yes
CVE-2026-34329
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
20437
Remote Code Execution
20438
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
20853
Remote Code Execution
20854
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
<a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Win32k Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Win32K - GRFX
Microsoft
Yes
CVE-2026-34330
Integer Overflow or Wraparound
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
wenqunwang with China Telecom Research Institute
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Win32k Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Win32K - GRFX
Microsoft
Yes
CVE-2026-34331
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
wenqunwang with China Telecom Research Institute
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Win32k Elevation of Privilege Vulnerability
<p>Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Win32K - GRFX
Microsoft
Yes
CVE-2026-34333
Use After Free
Integer Overflow or Wraparound
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
wenqunwang with China Telecom Research Institute
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Print Spooler Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could elevate from a low integrity level up to a medium integrity level.</p>
Windows Print Spooler Components
Microsoft
Yes
CVE-2026-34342
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
Marcin Wiazowski working with <a href="https://www.zerodayinitiative.com/">TrendAI Zero Day Initiative</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability
<p>Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Application Identity (AppID) Subsystem
Microsoft
Yes
CVE-2026-34343
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
<a href="https://bsky.app/profile/hexnomad.bsky.social">Erik Egsgard</a> with <a href="https://fieldeffect.com/">Field Effect</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
<p>Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Ancillary Function Driver for WinSock
Microsoft
Yes
CVE-2026-34344
Access of Resource Using Incompatible Type ('Type Confusion')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
<a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a>
Puponia
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
<p>Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Ancillary Function Driver for WinSock
Microsoft
Yes
CVE-2026-34345
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
<a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Win32k Elevation of Privilege Vulnerability
<p>Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Win32K - GRFX
Microsoft
Yes
CVE-2026-34347
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
wenqunwang with China Telecom Research Institute
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Storport Miniport Driver Denial of Service Vulnerability
<p>Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>To trigger this vulnerability, a user must actively connect to the affected server and run a specific command. The vulnerability cannot be triggered automatically or in the background; it only occurs when a user intentionally interacts with the server using this command.</p>
Windows Storport Miniport Driver
Microsoft
Yes
CVE-2026-34350
NULL Pointer Dereference
12437
12436
Denial of Service
12437
Denial of Service
12436
Important
12437
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
Microsoft Offensive Research & Security Engineering
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows TCP/IP Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows TCP/IP
Microsoft
Yes
CVE-2026-34351
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
hazard
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Storage Spaces Controller Elevation of Privilege Vulnerability
<p>Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Storage Spaces Controller
Microsoft
Yes
CVE-2026-35415
Integer Overflow or Wraparound
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
Jan Vojtesek with <a href="http://sentinelone.com/">SentinelOne</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
<p>Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Ancillary Function Driver for WinSock
Microsoft
Yes
CVE-2026-35416
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
<a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Win32k Elevation of Privilege Vulnerability
<p>Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Win32K - ICOMP
Microsoft
Yes
CVE-2026-35417
Access of Resource Using Incompatible Type ('Type Confusion')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
Owen McCullough
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
<p>Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Cloud Files Mini Filter Driver
Microsoft
Yes
CVE-2026-35418
Use After Free
Time-of-check Time-of-use (TOCTOU) Race Condition
11923
11924
11929
11931
11930
11572
12097
12098
12099
12437
20437
12244
20438
12389
12243
12390
12242
12436
20853
20854
11568
11569
11571
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11931
Elevation of Privilege
11930
Elevation of Privilege
11572
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
12244
Elevation of Privilege
20438
Elevation of Privilege
12389
Elevation of Privilege
12243
Elevation of Privilege
12390
Elevation of Privilege
12242
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Important
11923
Important
11924
Important
11929
Important
11931
Important
11930
Important
11572
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
12244
Important
20438
Important
12389
Important
12243
Important
12390
Important
12242
Important
12436
Important
20853
Important
20854
Important
11568
Important
11569
Important
11571
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11931
11930
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11931
11930
5087544
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11572
11568
11569
11571
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11572
11568
11569
11571
5087538
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
Anonymous
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows DWM Core Library Information Disclosure Vulnerability
<p>Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
Windows DWM Core Library
Microsoft
Yes
CVE-2026-35419
Out-of-bounds Read
12437
20437
20438
12389
12390
12436
20853
20854
Information Disclosure
12437
Information Disclosure
20437
Information Disclosure
20438
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
20853
Information Disclosure
20854
Important
12437
Important
20437
Important
20438
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20854
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
<a href="https://x.com/immortalp0ny">Sergey immortalp0ny Tarasov</a> with <a href="https://global.ptsecurity.com/">Positive Technologies</a>
namnp with <a href="https://x.com/vcslab">Viettel Cyber Security</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Kernel Elevation of Privilege Vulnerability
<p>Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Kernel
Microsoft
Yes
CVE-2026-35420
Heap-based Buffer Overflow
11571
11572
11923
11924
12437
12244
12436
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
12437
Elevation of Privilege
12244
Elevation of Privilege
12436
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11571
Important
11572
Important
11923
Important
11924
Important
12437
Important
12244
Important
12436
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
<a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37), SEC-agent team</a>
<a href="https://linkedin.com/in/hwiwonlee">Hwiwon Lee (hwiwonl), SEC-agent team</a>
Younggi Park (grill66), SEC-agent team
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows GDI Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>For this vulnerability to be exploited, a user would need to open or otherwise process a specially crafted Enhanced Metafile (EMF) file using Microsoft Paint. This action is necessary to trigger the affected graphics functionality in the Windows component.</p>
Windows GDI
Microsoft
Yes
CVE-2026-35421
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
20437
Remote Code Execution
20438
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
20853
Remote Code Execution
20854
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11568
Critical
11569
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
11929
Critical
11930
Critical
11931
Critical
12097
Critical
12098
Critical
12099
Critical
12437
Critical
20437
Critical
20438
Critical
12242
Critical
12243
Critical
12244
Critical
12389
Critical
12390
Critical
12436
Critical
20853
Critical
20854
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
pwn2addr
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows TCP/IP Driver Security Feature Bypass Vulnerability
<p>Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.</p>
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could bypass IPsec execution policy enforcement, allowing them to circumvent the rules and restrictions that govern how IPsec is applied. This could enable unauthorized or untrusted network communications to proceed without the intended security protections being enforced.</p>
Windows TCP/IP
Microsoft
Yes
CVE-2026-35422
Authentication Bypass Using an Alternate Path or Channel
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Security Feature Bypass
11568
Security Feature Bypass
11569
Security Feature Bypass
11571
Security Feature Bypass
11572
Security Feature Bypass
11923
Security Feature Bypass
11924
Security Feature Bypass
11929
Security Feature Bypass
11930
Security Feature Bypass
11931
Security Feature Bypass
12097
Security Feature Bypass
12098
Security Feature Bypass
12099
Security Feature Bypass
12437
Security Feature Bypass
20437
Security Feature Bypass
20438
Security Feature Bypass
12242
Security Feature Bypass
12243
Security Feature Bypass
12244
Security Feature Bypass
12389
Security Feature Bypass
12390
Security Feature Bypass
12436
Security Feature Bypass
20853
Security Feature Bypass
20854
Security Feature Bypass
10852
Security Feature Bypass
10853
Security Feature Bypass
10816
Security Feature Bypass
10855
Security Feature Bypass
10378
Security Feature Bypass
10379
Security Feature Bypass
10483
Security Feature Bypass
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11568
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11569
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11571
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11572
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11923
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11924
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11929
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11930
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11931
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
12097
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
12098
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
12099
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
12437
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
20437
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
20438
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
12242
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
12243
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
12244
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
12389
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
12390
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
12436
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
20853
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
20854
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10852
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10853
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10816
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10855
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10378
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10379
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10483
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
Microsoft
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows 11 Telnet Client Information Disclosure Vulnerability
<p>Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), no loss to integrity (I:N) and lead to some loss of availability (A:L). What is the impact of this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability could allow an attacker to access limited sensitive information from system memory and may cause intermittent interruptions or reduced performance in the affected application. However, it would not allow the attacker to modify data.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker could potentially read limited portions of memory from the affected system, which may include sensitive information being processed by the Telnet client at the time of the connection.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>For this vulnerability to be exploited, a user would need to initiate a Telnet connection to a malicious or compromised server, allowing specially crafted authentication responses to be processed by the Telnet client. Successful exploitation requires a user to take an action before the vulnerability can be triggered.</p>
Telnet Client
Microsoft
Yes
CVE-2026-35423
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
20437
Information Disclosure
20438
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
20853
Information Disclosure
20854
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
11568
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
11569
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
11571
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
11572
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
11923
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
11924
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
11929
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
11930
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
11931
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
12097
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
12098
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
12099
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
12437
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
20437
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
20438
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
12242
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
12243
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
12244
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
12389
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
12390
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
12436
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
20853
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
20854
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
10852
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
10853
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
10816
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
10855
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
10378
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
10379
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
10483
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
Microsoft
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability
<p>Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.</p>
Windows Internet Key Exchange (IKE) Protocol
Microsoft
Yes
CVE-2026-35424
Missing Release of Memory after Effective Lifetime
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Denial of Service
11568
Denial of Service
11569
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
12437
Denial of Service
20437
Denial of Service
20438
Denial of Service
12242
Denial of Service
12243
Denial of Service
12244
Denial of Service
12389
Denial of Service
12390
Denial of Service
12436
Denial of Service
20853
Denial of Service
20854
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
20437
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
20438
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12242
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12243
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12389
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12390
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
20853
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
20854
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
Microsoft
1.0
2026-05-12T07:00:00
<p>Information published.</p>
.NET Elevation of Privilege Vulnerability
<p>Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Exploitation of this vulnerability requires that a user trigger the payload in the application.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and integrity (I:H), and some loss of availability (A:L). What does that mean for this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could view sensitive information (Confidentiality) and modify code in the repo, (Integrity), and they might be able to interfere with availability of the code (Availability).</p>
.NET
Microsoft
Yes
CVE-2026-35433
Improper Input Validation
Integer Overflow or Wraparound
20837
12414
12434
11650-10853
11650-10816
11650-10378
11650-10483
11676-11569
11676-11570
11676-11923
11676-11927
11676-11930
11676-11931
11676-12097
11676-12098
11677-11569
11677-11570
12079-11923
12079-11930
12079-11931
12079-12085
12079-12086
12079-20437
12079-20438
12079-21196
12079-12242
12079-12243
12079-12389
12079-12390
12079-12436
12079-20853
12079-20854
2472-10378
2472-10483
Elevation of Privilege
20837
Elevation of Privilege
12414
Elevation of Privilege
12434
Elevation of Privilege
11650-10853
Elevation of Privilege
11650-10816
Elevation of Privilege
11650-10378
Elevation of Privilege
11650-10483
Elevation of Privilege
11676-11569
Elevation of Privilege
11676-11570
Elevation of Privilege
11676-11923
Elevation of Privilege
11676-11927
Elevation of Privilege
11676-11930
Elevation of Privilege
11676-11931
Elevation of Privilege
11676-12097
Elevation of Privilege
11676-12098
Elevation of Privilege
11677-11569
Elevation of Privilege
11677-11570
Elevation of Privilege
12079-11923
Elevation of Privilege
12079-11930
Elevation of Privilege
12079-11931
Elevation of Privilege
12079-12085
Elevation of Privilege
12079-12086
Elevation of Privilege
12079-20437
Elevation of Privilege
12079-20438
Elevation of Privilege
12079-21196
Elevation of Privilege
12079-12242
Elevation of Privilege
12079-12243
Elevation of Privilege
12079-12389
Elevation of Privilege
12079-12390
Elevation of Privilege
12079-12436
Elevation of Privilege
12079-20853
Elevation of Privilege
12079-20854
Elevation of Privilege
2472-10378
Elevation of Privilege
2472-10483
Important
20837
Important
12414
Important
12434
Important
11650-10853
Important
11650-10816
Important
11650-10378
Important
11650-10483
Important
11676-11569
Important
11676-11570
Important
11676-11923
Important
11676-11927
Important
11676-11930
Important
11676-11931
Important
11676-12097
Important
11676-12098
Important
11677-11569
Important
11677-11570
Important
12079-11923
Important
12079-11930
Important
12079-11931
Important
12079-12085
Important
12079-12086
Important
12079-20437
Important
12079-20438
Important
12079-21196
Important
12079-12242
Important
12079-12243
Important
12079-12389
Important
12079-12390
Important
12079-12436
Important
12079-20853
Important
12079-20854
Important
2472-10378
Important
2472-10483
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
20837
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12414
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12434
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11650-10853
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11650-10816
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11650-10378
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11650-10483
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11676-11569
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11676-11570
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11676-11923
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11676-11927
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11676-11930
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11676-11931
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11676-12097
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11676-12098
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11677-11569
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
11677-11570
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12079-11923
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12079-11930
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12079-11931
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12079-12085
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12079-12086
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12079-20437
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12079-20438
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12079-21196
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12079-12242
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12079-12243
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12079-12389
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12079-12390
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12079-12436
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12079-20853
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
12079-20854
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
2472-10378
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
2472-10483
5093446
https://dotnet.microsoft.com/download/dotnet/10.0
20837
Maybe
Security Update
10.0.8
https://support.microsoft.com/help/5093446
20837
5093446
5093447
https://dotnet.microsoft.com/download/dotnet/8.0
12414
Maybe
Security Update
8.0.27
https://support.microsoft.com/help/5093447
12414
5093447
5093448
https://dotnet.microsoft.com/download/dotnet/9.0
12434
Maybe
Security Update
9.0.16
https://support.microsoft.com/help/5093448
12434
5093448
5087065
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087065
11650-10853
11650-10816
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087065
11650-10853
11650-10816
5087065
5087067
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087067
11650-10378
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087067
11650-10378
5087067
5087063
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087063
11650-10483
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087063
11650-10483
5087063
5087066
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087066
11676-11569
11676-11570
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087066
11676-11569
11676-11570
5087066
5087068
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087068
11676-11923
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087068
11676-11923
5087068
5087064
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087064
11676-11927
11676-11930
11676-11931
11676-12097
11676-12098
12079-12085
12079-12086
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087064
11676-11927
11676-11930
11676-11931
11676-12097
11676-12098
12079-12085
12079-12086
5087064
5087061
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087061
11677-11569
11677-11570
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087061
11677-11569
11677-11570
5087061
5087059
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087059
12079-11923
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087059
12079-11923
5087059
5087053
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087053
12079-11930
12079-11931
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087053
12079-11930
12079-11931
5087053
5087051
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087051
12079-20437
12079-20438
12079-12436
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087051
12079-20437
12079-20438
12079-12436
5087051
5087055
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087055
12079-21196
12079-20853
12079-20854
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087055
12079-21196
12079-20853
12079-20854
5087055
5087058
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087058
12079-12242
12079-12243
Yes
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087058
12079-12242
12079-12243
5087058
5087054
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087054
12079-12389
12079-12390
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087054
12079-12389
12079-12390
5087054
5087048
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087048
2472-10378
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087048
2472-10378
5087048
5087049
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087049
2472-10483
Maybe
Security Update
4.8.9334.0 and 4.8.4802.0
https://support.microsoft.com/help/5087049
2472-10483
5087049
Ky0toFu
1.0
2026-05-12T07:00:00
<p>Information published.</p>
3.0
2026-06-05T07:00:00
<p>This CVE was updated to fix the download links for .NET Framework 3.8 & 4.81 installed on Windows Server 2025. Microsoft recommend installing the security update if you haven't done so already.</p>
2.0
2026-05-14T07:00:00
<p>Updated links to the .NET Framework security updates. Customers running these versions of .NET Framework are encouraged to install the updates for the indicated versions to be protected from this vulnerability.</p>
Windows Admin Center Elevation of Privilege Vulnerability
<p>Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to a minor loss of confidentiality (C:L), but major integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation primarily allows a low-privileged attacker to perform unauthorized actions that affect the system’s integrity and availability. Specifically, the attacker could install an arbitrary available Windows Admin Center version from the update catalog, which can overwrite or alter the existing installation and disrupt normal operation. This is why integrity and availability are rated as high impact.</p>
<p>The impact to confidentiality is considered limited because exploitation does not directly expose sensitive information. However, there is a potential for indirect confidentiality impact if the attacker installs a version that contains known information disclosure issues or weaker security protections.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An authenticated attacker with low privileges could gain the ability to perform actions that should require higher‑level permissions. Specifically, they could install an arbitrary available Windows Admin Center version from the update catalog. This includes reinstalling the current version, installing older versions, or installing any other available version that is not the latest—including versions that may contain known vulnerabilities.</p>
<p>This effectively allows the attacker to make unauthorized changes to the software configuration beyond what their assigned access level is intended to permit.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An authenticated attacker with low‑privileged access could exploit this vulnerability by sending a specially crafted request to the affected Windows Admin Center update API, allowing them to perform actions that their assigned permissions should not normally permit.</p>
Windows Admin Center
Microsoft
Yes
CVE-2026-35438
Missing Authorization
11629
Elevation of Privilege
11629
Important
11629
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.3
7.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:U/RL:O/RC:C
11629
Release Notes
http://aka.ms/downloadWAC
11629
No
Security Update
2.6.5.16
https://aka.ms/wac2511
11629
Release Notes
sho odagiri with <a href="https://gmo-cybersecurity.com/">GMO Cybersecurity by Ierae inc</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft SharePoint Server Remote Code Execution Vulnerability
<p>Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>In a network-based attack, an attacker authenticated as at least a Site Owner, could write arbitrary code to inject and execute code remotely on the SharePoint Server.</p>
<p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p>
<p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2026-35439
Deserialization of Untrusted Data
10950
11585
11961
Remote Code Execution
10950
Remote Code Execution
11585
Remote Code Execution
11961
Important
10950
Important
11585
Important
11961
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11961
5002868
https://www.microsoft.com/en-us/download/details.aspx?id=108651
5002861
10950
Maybe
Security Update
16.0.5552.1002
https://support.microsoft.com/help/5002868
10950
5002868
5002870
https://www.microsoft.com/en-us/download/details.aspx?id=108654
5002854
11585
Maybe
Security Update
16.0.10417.20128
https://support.microsoft.com/help/5002870
11585
5002870
5002863
https://www.microsoft.com/en-us/download/details.aspx?id=108655
5002853
11961
Maybe
Security Update
16.0.19725.20280
https://support.microsoft.com/help/5002863
11961
5002863
f7d8c52bec79e42795cf15888b85cbad
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft Word Information Disclosure Vulnerability
<p>Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the local memory address.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious email and convince a user to reply it.</p>
Microsoft Office Word
Microsoft
Yes
CVE-2026-35440
Files or Directories Accessible to External Parties
11573
11574
11762
11763
11952
11953
12420
12421
10746
10747
Information Disclosure
11573
Information Disclosure
11574
Information Disclosure
11762
Information Disclosure
11763
Information Disclosure
11952
Information Disclosure
11953
Information Disclosure
12420
Information Disclosure
12421
Information Disclosure
10746
Information Disclosure
10747
Important
11573
Important
11574
Important
11762
Important
11763
Important
11952
Important
11953
Important
12420
Important
12421
Important
10746
Important
10747
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11573
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11574
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11762
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11763
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11952
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11953
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12420
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12421
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10746
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10747
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
5002858
https://www.microsoft.com/en-us/download/details.aspx?id=108649
5002848
10746
10747
Maybe
Security Update
16.0.5552.1000
https://support.microsoft.com/help/5002858
10746
10747
5002858
tiebuchen
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft Excel Information Disclosure Vulnerability
<p>Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2026-40360
Out-of-bounds Read
10836
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10739
10740
Information Disclosure
10836
Information Disclosure
11573
Information Disclosure
11574
Information Disclosure
11762
Information Disclosure
11763
Information Disclosure
11951
Information Disclosure
11952
Information Disclosure
11953
Information Disclosure
12420
Information Disclosure
12421
Information Disclosure
12440
Information Disclosure
10739
Information Disclosure
10740
Important
10836
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10739
Important
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10836
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
5002871
https://www.microsoft.com/en-us/download/details.aspx?id=108650
5002855
10836
Maybe
Security Update
16.0.10417.20128
https://support.microsoft.com/help/5002871
10836
5002871
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.109.26051019
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002865
https://www.microsoft.com/en-us/download/details.aspx?id=108648
5002860
10739
10740
Maybe
Security Update
16.0.5552.1000
https://support.microsoft.com/help/5002865
10739
10740
5002865
<a href="https://x.com/dnpushme">f4 & Zhiniang Peng with HUST</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft Office Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>Yes, the Preview Pane is an attack vector.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
Microsoft Office
Microsoft
Yes
CVE-2026-40363
Heap-based Buffer Overflow
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10753
10754
12155
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10753
Remote Code Execution
10754
Remote Code Execution
12155
Critical
11573
Critical
11574
Critical
11762
Critical
11763
Critical
11951
Critical
11952
Critical
11953
Critical
12420
Critical
12421
Critical
12440
Critical
10753
Critical
10754
Critical
12155
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10753
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10754
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12155
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.109.26051019
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002866
https://www.microsoft.com/en-us/download/details.aspx?id=108647
5002859
10753
10754
Maybe
Security Update
16.0.5552.1000
https://support.microsoft.com/help/5002866
10753
10754
5002866
Release Notes
https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow
12155
Maybe
Security Update
16.0.19822.20190
https://support.google.com/googleplay/answer/113412?hl=en
12155
Release Notes
<a href="https://x.com/lmksecurity">Jeongmin Choi</a> with <a href="https://s2w.inc/ko/">S2W</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft Word Remote Code Execution Vulnerability
<p>Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>Yes, the Preview Pane is an attack vector.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
Microsoft Office Word
Microsoft
Yes
CVE-2026-40364
Access of Resource Using Incompatible Type ('Type Confusion')
Use of Uninitialized Resource
Heap-based Buffer Overflow
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10746
10747
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10746
Remote Code Execution
10747
Critical
11573
Critical
11574
Critical
11762
Critical
11763
Critical
11951
Critical
11952
Critical
11953
Critical
12420
Critical
12421
Critical
12440
Critical
10746
Critical
10747
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10746
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10747
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.109.26051019
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002858
https://www.microsoft.com/en-us/download/details.aspx?id=108649
5002848
10746
10747
Maybe
Security Update
16.0.5552.1000
https://support.microsoft.com/help/5002858
10746
10747
5002858
tiebuchen
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft Word Remote Code Execution Vulnerability
<p>Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>Yes, the Preview Pane is an attack vector.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
Microsoft Office Word
Microsoft
Yes
CVE-2026-40366
Use After Free
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10746
10747
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10746
Remote Code Execution
10747
Critical
11573
Critical
11574
Critical
11762
Critical
11763
Critical
11951
Critical
11952
Critical
11953
Critical
12420
Critical
12421
Critical
12440
Critical
10746
Critical
10747
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10746
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10747
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.109.26051019
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002858
https://www.microsoft.com/en-us/download/details.aspx?id=108649
5002848
10746
10747
Maybe
Security Update
16.0.5552.1000
https://support.microsoft.com/help/5002858
10746
10747
5002858
tiebuchen
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft SharePoint Server Remote Code Execution Vulnerability
<p>Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p>
<p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p>
<p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2026-40368
Deserialization of Untrusted Data
10950
11585
11961
Remote Code Execution
10950
Remote Code Execution
11585
Remote Code Execution
11961
Important
10950
Important
11585
Important
11961
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11961
5002868
https://www.microsoft.com/en-us/download/details.aspx?id=108651
5002861
10950
Maybe
Security Update
16.0.5552.1002
https://support.microsoft.com/help/5002868
10950
5002868
5002870
https://www.microsoft.com/en-us/download/details.aspx?id=108654
5002854
11585
Maybe
Security Update
16.0.10417.20128
https://support.microsoft.com/help/5002870
11585
5002870
5002863
https://www.microsoft.com/en-us/download/details.aspx?id=108655
5002853
11961
Maybe
Security Update
16.0.19725.20280
https://support.microsoft.com/help/5002863
11961
5002863
Butterfly
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft Power Automate Desktop Information Disclosure Vulnerability
<p>Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>This vulnerability could expose values stored in variables that were marked as “Sensitive” within Power Automate Desktop flows. Due to a logging issue, these sensitive variable values may appear in execution logs uploaded to the Power Automate portal and be viewable by users with Owner, Co-Owner, or Runner permissions for the affected desktop flow.</p>
Power Automate
Microsoft
Yes
CVE-2026-40374
Exposure of Sensitive Information to an Unauthorized Actor
12410
Information Disclosure
12410
Important
12410
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12410
Release Notes
https://go.microsoft.com/fwlink/?linkid=2102613
12410
No
Security Update
2.67
https://learn.microsoft.com/en-us/power-platform/released-versions/power-automate-desktop
12410
Release Notes
Ioannis Panagiotopoulos with Microsoft
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft Cryptographic Services Elevation of Privilege Vulnerability
<p>Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Cryptographic Services
Microsoft
Yes
CVE-2026-40377
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
<a href="https://x.com/brucedang">Bruce Dang</a> with <a href="https://www.calif.io/">Calif.io</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Volume Manager Extension Driver Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.</p>
<p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p>
<p>To successfully exploit this vulnerability, an attacker or the targeted user would need to achieve a high level of control over a machine, as the attack requires access to processes typically restricted from average users.</p>
<p>Essentially, the exploitation necessitates elevated privileges on the compromised machine due to the requirement of manipulating processes beyond the reach of standard user permissions.</p>
Windows Volume Manager Extension Driver
Microsoft
Yes
CVE-2026-40380
Heap-based Buffer Overflow
Out-of-bounds Read
Numeric Truncation Error
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
20437
Remote Code Execution
20438
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
20853
Remote Code Execution
20854
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
6.2
5.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
Calif.io in collaboration with Claude and Anthropic Research
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows TCP/IP Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows TCP/IP
Microsoft
Yes
CVE-2026-40399
Stack-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
WARP & MORSE teams at Microsoft
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows TCP/IP Denial of Service Vulnerability
<p>Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.</p>
Windows TCP/IP
Microsoft
Yes
CVE-2026-40405
NULL Pointer Dereference
12437
20437
20438
12389
12390
12436
20853
20854
Denial of Service
12437
Denial of Service
20437
Denial of Service
20438
Denial of Service
12389
Denial of Service
12390
Denial of Service
12436
Denial of Service
20853
Denial of Service
20854
Important
12437
Important
20437
Important
20438
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
20437
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
20438
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12389
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12390
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
20853
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
20854
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
Microsoft
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows TCP/IP Information Disclosure Vulnerability
<p>Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>Exploiting this vulnerability could allow the disclosure of certain kernel memory content.</p>
Windows TCP/IP
Microsoft
Yes
CVE-2026-40406
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
20437
Information Disclosure
20438
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
20853
Information Disclosure
20854
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12437
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20437
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20438
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12242
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12243
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12389
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12390
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12436
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20853
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
20854
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
Microsoft
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Common Log File System Driver Elevation of Privilege Vulnerability
<p>Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Common Log File System Driver
Microsoft
Yes
CVE-2026-40407
Heap-based Buffer Overflow
11924
11571
11923
11568
11569
11572
11931
11929
11930
12097
12099
12098
12437
20438
12243
20437
12242
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10379
10483
10378
10543
Elevation of Privilege
11924
Elevation of Privilege
11571
Elevation of Privilege
11923
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11572
Elevation of Privilege
11931
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
12097
Elevation of Privilege
12099
Elevation of Privilege
12098
Elevation of Privilege
12437
Elevation of Privilege
20438
Elevation of Privilege
12243
Elevation of Privilege
20437
Elevation of Privilege
12242
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10378
Elevation of Privilege
10543
Important
11924
Important
11571
Important
11923
Important
11568
Important
11569
Important
11572
Important
11931
Important
11929
Important
11930
Important
12097
Important
12099
Important
12098
Important
12437
Important
20438
Important
12243
Important
20437
Important
12242
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10379
Important
10483
Important
10378
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11924
11923
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11924
11923
5087545
5087545
https://support.microsoft.com/help/5087545
11924
11923
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11924
11923
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11924
11923
5087424
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11571
11568
11569
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11571
11568
11569
11572
5087538
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11931
11929
11930
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11931
11929
11930
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12099
12098
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12099
12098
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12099
12098
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20438
20437
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20438
20437
5089549
5089549
https://support.microsoft.com/help/5089549
20438
20437
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20438
20437
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20438
20437
5089466
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10379
10378
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10379
10378
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
Microsoft
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows WAN ARP Driver Elevation of Privilege Vulnerability
<p>Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Kernel-Mode Drivers
Microsoft
Yes
CVE-2026-40408
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
hazard
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows SMB Client Elevation of Privilege Vulnerability
<p>Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows SMB Client
Microsoft
Yes
CVE-2026-40410
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
Anonymous
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows TCP/IP Denial of Service Vulnerability
<p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p>
<p>This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to cause denial of service on the Hyper-V host environment.</p>
Windows TCP/IP
Microsoft
Yes
CVE-2026-40414
NULL Pointer Dereference
11569
11571
11572
11923
11924
11931
12097
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10853
10816
10855
10378
10379
10483
10543
Denial of Service
11569
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11931
Denial of Service
12097
Denial of Service
12437
Denial of Service
20437
Denial of Service
20438
Denial of Service
12242
Denial of Service
12243
Denial of Service
12244
Denial of Service
12389
Denial of Service
12390
Denial of Service
12436
Denial of Service
20853
Denial of Service
20854
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11931
Important
12097
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
20437
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
20438
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12242
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12243
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12389
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12390
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
20853
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
20854
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
5094127
5094127
https://support.microsoft.com/help/5094127
12097
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
Windows Attack Research & Protection (WARP) with <a href="https://microsoft.com/">Microsoft</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows TCP/IP Remote Code Execution Vulnerability
<p>Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation requires the target system to be under sustained low-memory (memory pressure) conditions, which are not commonly present in normal operation. This makes the vulnerability difficult to reliably trigger, as the attacker must first induce or wait for a constrained memory state before exploitation becomes possible.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could exploit this vulnerability by sending specially crafted malicious traffic to a vulnerable server.</p>
Windows TCP/IP
Microsoft
Yes
CVE-2026-40415
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
20437
Remote Code Execution
20438
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
20853
Remote Code Execution
20854
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
Windows Attack Research & Protection (WARP) with <a href="https://microsoft.com/">Microsoft</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
<p>Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Dynamics Business Central
Microsoft
Yes
CVE-2026-40417
Weak Authentication
21327
21325
21326
21324
Elevation of Privilege
21327
Elevation of Privilege
21325
Elevation of Privilege
21326
Elevation of Privilege
21324
Important
21327
Important
21325
Important
21326
Important
21324
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
21327
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
21325
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
21326
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
21324
5093780
https://support.microsoft.com/en-us/topic/update-28-1-for-microsoft-dynamics-365-business-central-2026-release-wave-1-application-build-28-1-49886-platform-build-28-0-49873-fdf9d853-6477-4413-9d72-4fd762c7eeaf
21327
Maybe
Security Update
28.1
http://support.microsoft.com/kb/5093780
21327
5093780
5086069
https://support.microsoft.com/en-us/topic/update-26-12-for-microsoft-dynamics-365-business-central-2025-release-wave-1-application-build-26-12-48244-platform-build-26-0-48120-03fdc340-6d17-4a0c-9c0b-832e5bbd4c0c
21325
Maybe
Security Update
26.12
http://support.microsoft.com/kb/5086069
21325
5086069
5086070
https://support.microsoft.com/en-us/topic/update-27-6-for-microsoft-dynamics-365-business-central-2025-release-wave-2-application-build-27-6-48260-platform-build-27-0-48102-e210498d-346d-4435-b2de-388206225d67
21326
Maybe
Security Update
27.6
http://support.microsoft.com/kb/5086070
21326
5086070
5086068
https://support.microsoft.com/en-us/topic/update-25-18-for-microsoft-dynamics-365-business-central-2024-release-wave-2-application-build-25-18-48229-platform-build-25-2-48119-e2f0099d-035b-44aa-8762-d31e4cc99a09
21324
Maybe
Security Update
25.18
http://support.microsoft.com/kb/5086068
21324
5086068
<a href="https://x.com/__nhienit__">Nhien Pham (@nhienit)</a> with Galaxy One
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
<p>Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office
Microsoft
Yes
CVE-2026-40419
Use After Free
11573
11574
11762
11763
11952
11953
12420
12421
Elevation of Privilege
11573
Elevation of Privilege
11574
Elevation of Privilege
11762
Elevation of Privilege
11763
Elevation of Privilege
11952
Elevation of Privilege
11953
Elevation of Privilege
12420
Elevation of Privilege
12421
Important
11573
Important
11574
Important
11762
Important
11763
Important
11952
Important
11953
Important
12420
Important
12421
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
0ccbbf129444eb66344ccafb92b00df4
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft Word Information Disclosure Vulnerability
<p>Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>Exploiting this vulnerability could allow the disclosure of NTLM hashes.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p>
<p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Word
Microsoft
Yes
CVE-2026-40421
External Control of File Name or Path
11573
11574
11762
11763
11952
11953
12420
12421
10746
10747
Information Disclosure
11573
Information Disclosure
11574
Information Disclosure
11762
Information Disclosure
11763
Information Disclosure
11952
Information Disclosure
11953
Information Disclosure
12420
Information Disclosure
12421
Information Disclosure
10746
Information Disclosure
10747
Important
11573
Important
11574
Important
11762
Important
11763
Important
11952
Important
11953
Important
12420
Important
12421
Important
10746
Important
10747
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11573
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11574
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11762
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11763
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11952
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11953
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12420
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12421
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10746
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10747
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
5002858
https://www.microsoft.com/en-us/download/details.aspx?id=108649
5002848
10746
10747
Maybe
Security Update
16.0.5552.1000
https://support.microsoft.com/help/5002858
10746
10747
5002858
tiebuchen
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
<p>Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Ancillary Function Driver for WinSock
Microsoft
Yes
CVE-2026-41088
External Control of File Name or Path
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
Soon Oh with Microsoft
<a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
1.1
2026-05-29T07:00:00
<p>Updated an acknowledgement. This is an informational change only.</p>
Windows Netlogon Remote Code Execution Vulnerability
<p>Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could send a specially crafted network request to a Windows server that is acting as a domain controller. If successful, this could cause the Netlogon service to improperly handle the request, potentially allowing the attacker to run code on the affected system without needing to sign in or have prior access.</p>
Windows Netlogon
Microsoft
Yes
CVE-2026-41089
Stack-based Buffer Overflow
11571
11572
11923
11924
12437
12244
12436
10816
10855
10378
10379
10483
10543
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
12437
Remote Code Execution
12244
Remote Code Execution
12436
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
12437
Critical
12244
Critical
12436
Critical
10816
Critical
10855
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
Windows Attack Research & Protection (WARP) with <a href="https://microsoft.com/">Microsoft</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft Data Formulator Remote Code Execution Vulnerability
<p>Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>The vulnerability can be exploited remotely over the network without administrative privileges, but exploitation requires user interaction to trigger processing of user‑supplied input by the affected service.</p>
Microsoft Data Formulator
Microsoft
Yes
CVE-2026-41094
Improper Control of Generation of Code ('Code Injection')
21298
Remote Code Execution
21298
Important
21298
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
21298
Release Notes
https://pypi.org/project/data-formulator/
21298
Maybe
Security Update
0.7
https://pypi.org/project/data-formulator/
21298
Release Notes
<a href="https://x.com/security_index">Yoshizawa</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Data Deduplication Elevation of Privilege Vulnerability
<p>Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Data Deduplication
Microsoft
Yes
CVE-2026-41095
Use After Free
12437
11572
12244
12436
10816
10855
10483
11924
10543
11923
11571
Elevation of Privilege
12437
Elevation of Privilege
11572
Elevation of Privilege
12244
Elevation of Privilege
12436
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10483
Elevation of Privilege
11924
Elevation of Privilege
10543
Elevation of Privilege
11923
Elevation of Privilege
11571
Important
12437
Important
11572
Important
12244
Important
12436
Important
10816
Important
10855
Important
10483
Important
11924
Important
10543
Important
11923
Important
11571
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11572
11571
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11572
11571
5087538
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10816
10855
5087537
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11924
11923
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11924
11923
5087545
5087545
https://support.microsoft.com/help/5087545
11924
11923
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11924
11923
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11924
11923
5087424
ChenJian with Sea Security Orca Team
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows DNS Client Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>An attacker could exploit this vulnerability by sending a specially crafted DNS response to a vulnerable Windows system, causing the DNS Client to incorrectly process the response and corrupt memory. In certain configurations, this could allow the attacker to run code remotely on the affected system without authentication.</p>
Microsoft Windows DNS
Microsoft
Yes
CVE-2026-41096
Heap-based Buffer Overflow
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
Remote Code Execution
12437
Remote Code Execution
20437
Remote Code Execution
20438
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
20853
Remote Code Execution
20854
Critical
12437
Critical
20437
Critical
20438
Critical
12242
Critical
12243
Critical
12244
Critical
12389
Critical
12390
Critical
12436
Critical
20853
Critical
20854
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
WARP team at Microsoft
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft Word for Android Spoofing Vulnerability
<p>Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Word
Microsoft
Yes
CVE-2026-41101
Improper Access Control
11772
Spoofing
11772
Important
11772
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11772
Release Notes
https://play.google.com/store/apps/details?id=com.microsoft.office.word&hl=en_US
11772
Maybe
Security Update
16.0.19822.20190
https://play.google.com/store/apps/details?id=com.microsoft.office.word&hl=en_US
11772
Release Notes
<a href="https://twitter.com/yanir_">Yanir Tsarimi</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft PowerPoint for Android Spoofing Vulnerability
<p>Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office PowerPoint
Microsoft
Yes
CVE-2026-41102
Improper Access Control
12032
Spoofing
12032
Important
12032
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12032
Release Notes
https://play.google.com/store/apps/details?id=com.microsoft.office.powerpoint&hl=en_US
12032
Maybe
Security Update
16.0.19822.20190
https://play.google.com/store/apps/details?id=com.microsoft.office.powerpoint&hl=en_US
12032
Release Notes
<a href="https://twitter.com/yanir_">Yanir Tsarimi</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
<p>Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could exploit this vulnerability by embedding malicious instructions in user input or external content that is processed, causing it to bypass guardrails, treat those instructions as trusted, and execute unintended actions such as retrieving sensitive data.</p>
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>Successful exploitation could bypass the path validation safeguards that check which files may be changed and require user approval for sensitive locations, allowing changes to protected files without the user’s knowledge or consent.</p>
GitHub Copilot and Visual Studio
Microsoft
Yes
CVE-2026-41109
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
11622
Security Feature Bypass
11622
Important
11622
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11622
Release Notes
https://code.visualstudio.com/Download
11622
Maybe
Security Update
1.119.1
https://code.visualstudio.com/updates/v1_119
11622
Release Notes
Alexander Tan
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Visual Studio Code Security Feature Bypass Vulnerability
<p>Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Exploitation would require a user to open or view a maliciously crafted notebook so that the affected content is rendered.</p>
Visual Studio Code
Microsoft
Yes
CVE-2026-41610
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Link Resolution Before File Access ('Link Following')
Exposure of Sensitive Information to an Unauthorized Actor
11622
Security Feature Bypass
11622
Important
11622
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.3
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
11622
Release Notes
https://code.visualstudio.com/Download
11622
Maybe
Security Update
1.119.1
https://code.visualstudio.com/updates/v1_119
11622
Release Notes
<a href="https://www.linkedin.com/in/tarek-nakkouch/">Tarek Nakkouch</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Visual Studio Code Remote Code Execution Vulnerability
<p>Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Exploitation of this vulnerability requires that a user trigger the payload in the application.</p>
Visual Studio Code
Microsoft
Yes
CVE-2026-41611
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Improper Neutralization of Special Elements used in a Command ('Command Injection')
11622
Remote Code Execution
11622
Important
11622
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11622
Release Notes
https://code.visualstudio.com/Download
11622
Maybe
Security Update
1.119.1
https://code.visualstudio.com/updates/v1_119
11622
Release Notes
Microsoft
Microsoft
<a href="https://www.linkedin.com/in/balgan/">Tiago Henriques</a> with <a href="https://coalitioninc.com/">Coalition inc</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Visual Studio Code Information Disclosure Vulnerability
<p>Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability includes unauthorized access to the file system, specifically file path information.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Exploitation of this vulnerability requires that a user trigger the payload in the application.</p>
Visual Studio Code
Microsoft
Yes
CVE-2026-41612
Relative Path Traversal
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
21333
Information Disclosure
21333
Important
21333
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
21333
Release Notes
https://marketplace.visualstudio.com/items?itemName=ms-vscode.live-server
21333
Maybe
Security Update
0.4.19
https://marketplace.visualstudio.com/items?itemName=ms-vscode.live-server
21333
Release Notes
<a href="https://www.linkedin.com/in/aastikgakhar/">Aastik Gakhar</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
M365 Copilot for Desktop Spoofing Vulnerability
<p>Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.</p>
M365 Copilot for Desktop
Microsoft
Yes
CVE-2026-41614
Improper Access Control
21292
Spoofing
21292
Important
21292
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.2
5.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
21292
Release Notes
https://apps.microsoft.com/detail/9wzdncrd29v9?hl=en-us&gl=IE&ocid=pdpshare
21292
No
Security Update
19.2604.43111.0
https://apps.microsoft.com/detail/9wzdncrd29v9?hl=en-us&gl=IE&ocid=pdpshare
21292
Release Notes
Artem Shymshyrian (Xtytia0922 - V-Spot)
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Exploitation requires specific conditions, including particular network configurations and timing conditions, and has only been observed in limited scenarios. This means an attacker cannot reliably exploit the issue in all environments and may need favorable setup or circumstances for it to work.</p>
<p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p>
<p>This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.</p>
Windows Native WiFi Miniport Driver
Microsoft
Yes
CVE-2026-32161
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
20437
Remote Code Execution
20438
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
20853
Remote Code Execution
20854
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11568
Critical
11569
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
11929
Critical
11930
Critical
11931
Critical
12097
Critical
12098
Critical
12099
Critical
12437
Critical
20437
Critical
20438
Critical
12242
Critical
12243
Critical
12244
Critical
12389
Critical
12390
Critical
12436
Critical
20853
Critical
20854
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
<a href="https://www.linkedin.com/in/danielr1123/">Daniel R</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
1.1
2026-05-15T07:00:00
<p>Updated Hotpatch links. This is in informational change only.</p>
Windows Rich Text Edit Elevation of Privilege Vulnerability
<p>Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>An authorized attacker must send a victim a malicious and specially crafted file and convince them to open it.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>An authorized attacker must send the user a malicious file and convince the user to open it.</p>
Windows Rich Text Edit Control
Microsoft
Yes
CVE-2026-32170
Double Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
1.0
2026-05-12T07:00:00
<p>Information published.</p>
1.1
2026-05-15T07:00:00
<p>Updated Hotpatch links. This is in informational change only.</p>
Microsoft Teams Spoofing Vulnerability
<p>Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.</p>
<p><strong>Are the updates for Microsoft Teams for Android currently available?</strong></p>
<p>Yes. As of May 21, 2026, the security update for Microsoft Teams for Android is available. Customers running Microsoft Teams for Android should ensure the update is installed to be protected from this vulnerability.</p>
Microsoft Teams
Microsoft
Yes
CVE-2026-32185
Files or Directories Accessible to External Parties
12007
Spoofing
12007
Important
12007
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12007
Release Notes
https://play.google.com/store/apps/details?id=com.microsoft.teams
12007
Maybe
Security Update
1.0.0.2026092402
https://play.google.com/store/apps/details?id=com.microsoft.teams
12007
Release Notes
Ofek Levin Enclave with <a href="https://enclave.ai/">Enclave</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
3.0
2026-05-21T07:00:00
<p>Microsoft is announcing the availability of the security update for Microsoft Teams for Android. Customers running affected Microsoft Teams for Android should install the update for their product to be protected from this vulnerability.</p>
2.0
2026-05-18T07:00:00
<p>The security update for Microsoft Teams for Android is not immediately available. Customers running affected Microsoft Teams for would need to install the update to be protected from this vulnerability, once the update becomes available.</p>
Microsoft Office Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office
Microsoft
Yes
CVE-2026-42831
Heap-based Buffer Overflow
11951
12155
12440
Remote Code Execution
11951
Remote Code Execution
12155
Remote Code Execution
12440
Critical
11951
Critical
12155
Critical
12440
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12155
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.109.26051019
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
Release Notes
https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow
12155
Maybe
Security Update
16.0.19822.20190
https://support.google.com/googleplay/answer/113412?hl=en
12155
Release Notes
pwn2addr
1.0
2026-05-12T07:00:00
<p>Information published.</p>
.NET Core Tampering Vulnerability
<p>A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories.</p>
<p>To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system.</p>
<p>The security update fixes the vulnerability by ensuring .NET Core properly handles files.</p>
.NET
Microsoft
Yes
CVE-2026-32175
Absolute Path Traversal
20837
12414
12434
21244
16767
12459
Tampering
20837
Tampering
12414
Tampering
12434
Tampering
21244
Tampering
16767
Tampering
12459
Important
20837
Important
12414
Important
12434
Important
21244
Important
16767
Important
12459
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
20837
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
12414
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
12434
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
21244
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
16767
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
12459
5093446
https://dotnet.microsoft.com/download/dotnet/10.0
20837
Maybe
Security Update
10.0.8
https://support.microsoft.com/help/5093446
20837
5093446
5093447
https://dotnet.microsoft.com/download/dotnet/8.0
12414
Maybe
Security Update
8.0.27
https://support.microsoft.com/help/5093447
12414
5093447
5093448
https://dotnet.microsoft.com/download/dotnet/9.0
12434
Maybe
Security Update
9.0.16
https://support.microsoft.com/help/5093448
12434
5093448
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2026 version 18.4
21244
Maybe
Security Update
18.5.3
https://learn.microsoft.com/en-us/visualstudio/releases/2026/release-notes
21244
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.14
16767
Maybe
Security Update
17.14.32
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
16767
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12
12459
Maybe
Security Update
17.12.20
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.12
12459
Release Notes
Anonymous
Radek Zikmund with Microsoft s.r.o.
2.0
2026-05-19T07:00:00
<p>Removed incorrectly added rows from the Security Updates table. This is an informational change only.</p>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
<p>External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability by bypassing a security feature that is built in to prevent cookies from being read is cookies data and cached sessions. By reading a session cookie, an attacker would be able to sign into the victim’s accounts on a different computer.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>This vulnerability could lead to a browser sandbox escape.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.55</td>
<td>05/11/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2026-41107
External Control of File Name or Path
11655
Information Disclosure
11655
Moderate
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.4
6.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
148.0.3967.55
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
Adithya Kotian
Ofek Levin Enclave with <a href="https://enclave.ai/">Enclave</a>
1.0
2026-05-11T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7898 Use after free in Chromoting
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7898
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7899 Out of bounds read and write in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7899
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7897 Use after free in Mobile
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.55</td>
<td>05/11/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7897
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.55
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-11T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7896 Integer overflow in Blink
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7896
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:11
<p>Information published.</p>
Chromium: CVE-2026-7998 Insufficient validation of untrusted input in Dialog
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7998
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7996 Insufficient validation of untrusted input in SSL
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7996
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7994 Inappropriate implementation in Chromoting
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7994
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7997 Insufficient validation of untrusted input in Updater
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7997
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7995 Out of bounds read in AdFilter
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7995
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7992 Insufficient validation of untrusted input in UI
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7992
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7977 Inappropriate implementation in Canvas
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7977
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7976 Use after free in Views
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7976
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7975 Use after free in DevTools
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7975
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7974 Use after free in Blink
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7974
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7973 Integer overflow in Dawn
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7973
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7971 Inappropriate implementation in ORB
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7971
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7972 Uninitialized Use in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7972
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7970 Use after free in TopChrome
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7970
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7969 Integer overflow in Network
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7969
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7968 Insufficient validation of untrusted input in CORS
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7968
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7967 Insufficient validation of untrusted input in Navigation
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7967
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7966 Insufficient validation of untrusted input in SiteIsolation
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7966
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7964 Insufficient validation of untrusted input in FileSystem
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7964
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7963 Inappropriate implementation in ServiceWorker
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7963
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7993 Insufficient validation of untrusted input in Payments
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.55</td>
<td>05/11/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7993
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.55
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-11T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7962 Insufficient policy enforcement in DirectSockets
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7962
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7991 Use after free in UI
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7991
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7960 Race in Speech
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7960
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7961 Insufficient validation of untrusted input in Permissions
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7961
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7959 Inappropriate implementation in Navigation
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7959
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7958 Inappropriate implementation in ServiceWorker
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7958
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7990 Insufficient validation of untrusted input in Updater
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7990
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7957 Out of bounds write in Media
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7957
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7956 Use after free in Navigation
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7956
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7955 Uninitialized Use in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7955
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7954 Race in Shared Storage
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7954
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7953 Insufficient validation of untrusted input in Omnibox
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7953
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7965 Insufficient validation of untrusted input in DevTools
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7965
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7952 Insufficient policy enforcement in Extensions
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7952
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7951 Out of bounds write in WebRTC
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7951
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7949 Out of bounds read in Skia
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7949
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7950 Out of bounds read and write in GFX
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7950
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7948 Race in Chromoting
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7948
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7999 Inappropriate implementation in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7999
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7947 Insufficient validation of untrusted input in Network
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7947
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7946 Insufficient policy enforcement in WebUI
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7946
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7945 Insufficient validation of untrusted input in COOP
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7945
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7944 Insufficient validation of untrusted input in Persistent Cache
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7944
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7943 Insufficient validation of untrusted input in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7943
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7942 Integer overflow in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7942
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7941 Insufficient validation of untrusted input in Mobile
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.55</td>
<td>05/11/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7941
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.55
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-11T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7940 Use after free in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7940
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7939 Inappropriate implementation in SanitizerAPI
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7939
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7938 Use after free in CSS
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7938
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7986 Insufficient policy enforcement in Autofill
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7986
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7937 Insufficient policy enforcement in DevTools
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7937
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7936 Object lifecycle issue in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7936
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7989 Insufficient data validation in DataTransfer
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7989
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7988 Type Confusion in WebRTC
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7988
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7987 Use after free in WebRTC
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7987
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7985 Use after free in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7985
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7984 Use after free in ReadingMode
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7984
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7983 Out of bounds read in Dawn
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7983
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7981 Out of bounds read in Codecs
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7981
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7980 Use after free in WebAudio
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7980
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7978 Inappropriate implementation in Companion
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7978
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7979 Inappropriate implementation in Media
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7979
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7982 Uninitialized Use in WebCodecs
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7982
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7934 Insufficient validation of untrusted input in Popup Blocker
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7934
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7933 Out of bounds read in WebCodecs
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7933
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7935 Inappropriate implementation in Speech
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7935
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7932 Insufficient policy enforcement in Downloads
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7932
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7929 Use after free in MediaRecording
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7929
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7931 Insufficient validation of untrusted input in iOS
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.55</td>
<td>05/11/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7931
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.55
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-11T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7930 Insufficient validation of untrusted input in Cookies
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7930
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7927 Type Confusion in Runtime
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7927
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7928 Use after free in WebRTC
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7928
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7926 Use after free in PresentationAPI
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7926
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7925 Use after free in Chromoting
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7925
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7924 Uninitialized Use in Dawn
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7924
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7923 Out of bounds write in Skia
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7923
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7922 Use after free in ServiceWorker
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7922
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7921 Use after free in Passwords
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7921
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7920 Use after free in Skia
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7920
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7918 Use after free in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7918
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7917 Use after free in Fullscreen
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7917
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7919 Use after free in Aura
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7919
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7916 Insufficient data validation in InterestGroups
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7916
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7915 Insufficient data validation in DevTools
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.55</td>
<td>05/11/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7915
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.55
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-11T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7914 Type Confusion in Accessibility
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7914
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7913 Insufficient policy enforcement in DevTools
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.55</td>
<td>05/11/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7913
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.55
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-11T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7912 Integer overflow in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.55</td>
<td>05/11/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7912
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.55
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-11T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7911 Use after free in Aura
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7911
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7909 Inappropriate implementation in ServiceWorker
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7909
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7910 Use after free in Views
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7910
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7908 Use after free in Fullscreen
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7908
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7907 Use after free in DOM
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7907
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7905 Insufficient validation of untrusted input in Media
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.55</td>
<td>05/11/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7905
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.55
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-11T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7906 Use after free in SVG
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7906
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7904 Out of bounds read in Fonts
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7904
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7903 Integer overflow in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7903
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7902 Out of bounds memory access in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7902
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7901 Use after free in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7901
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-7900 Heap buffer overflow in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-7900
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-8020 Uninitialized Use in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.55</td>
<td>05/11/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8020
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.55
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-11T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-8019 Insufficient policy enforcement in WebApp
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8019
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-8018 Insufficient policy enforcement in DevTools
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8018
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-8022 Inappropriate implementation in MHTML
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8022
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-8017 Side-channel information leakage in Media
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8017
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-8021 Script injection in UI
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8021
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-8014 Inappropriate implementation in Preload
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8014
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-8015 Inappropriate implementation in Media
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8015
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-8016 Use after free in WebRTC
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8016
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-8012 Inappropriate implementation in MHTML
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8012
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-8011 Insufficient policy enforcement in Search
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8011
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-8013 Insufficient validation of untrusted input in FedCM
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8013
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-8009 Inappropriate implementation in Cast
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8009
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-8010 Insufficient validation of untrusted input in SiteIsolation
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8010
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-8008 Inappropriate implementation in DevTools
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8008
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-8007 Insufficient validation of untrusted input in Cast
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8007
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-8006 Insufficient policy enforcement in DevTools
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8006
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-8005 Insufficient validation of untrusted input in Cast
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8005
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-8002 Use after free in Audio
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8002
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-8004 Insufficient policy enforcement in DevTools
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8004
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-8003 Insufficient validation of untrusted input in TabGroups
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8003
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-8000 Insufficient validation of untrusted input in ChromeDriver
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8000
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-8001 Use after free in Printing
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2026%C2%A0">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.54</td>
<td>05/07/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8001
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.54
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Windows Telephony Service Elevation of Privilege Vulnerability
<p>Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Telephony Service
Microsoft
Yes
CVE-2026-42825
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5078737
5075943
11923
11924
No
Security Hotpatch Update
10.0.20348.4830
https://support.microsoft.com/help/5078737
11923
11924
5078737
5078737
https://support.microsoft.com/help/5078737
11923
11924
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
Anonymous
1.0
2026-05-12T07:00:00
<p>Information published.</p>
1.1
2026-06-01T07:00:00
<p>Updated Hotpatch links. This is in informational change only.</p>
Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
<p>User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and some loss of integrity (I:L), but no loss of availability (A:N). What does that mean for this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could view sensitive information, (Confidentiality), and make some changes to disclosed information (Integrity), but they would not be able to affect Availability.</p>
<p><strong>Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal?</strong></p>
<p><a href="https://www.microsoft.com/en-us/msrc/bounty-new-edge">Per our severity guidelines</a>, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity, specifically it says, "If a bug requires more than a click, a key press, or several preconditions, the severity will be downgraded". The CVSS scoring system doesn't allow for this type of nuance.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.55</td>
<td>05/11/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2026-42891
User Interface (UI) Misrepresentation of Critical Information
11815
Spoofing
11815
Moderate
11815
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
6.5
5.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C
11815
Release Notes
11815
No
Security Update
148.0.3967.55
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11815
Release Notes
<a href="https://x.com/zxyhellzing">xzyhellsing (Saidina Hikam)</a>
1.0
2026-05-11T07:00:00
<p>Information published.</p>
Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
<p>User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.</p>
<p><strong>How could an attacker exploit this vulnerability via the Network?</strong></p>
<p>An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p>
<p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.55</td>
<td>05/11/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge for Android
Microsoft
Yes
CVE-2026-35429
User Interface (UI) Misrepresentation of Critical Information
11815
Spoofing
11815
Moderate
11815
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
4.3
3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
11815
Release Notes
11815
No
Security Update
148.0.3967.55
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11815
Release Notes
<a href="https://www.linkedin.com/in/alfazhossain/">Alfaz Hossain</a> with <a href="https://piratesofthedeadflag.com/">POTDF</a>
<a href="https://linkedin.com/in/riskimivan">Riski Muhammad Ivan</a>
<a href="https://www.linkedin.com/in/jodyritonga/">Jody Ritonga</a> with test
<a href="https://www.instagram.com/p1sc00k_/">Rifat Abdul Manaf</a>
1.1
2026-06-08T07:00:00
<p>Updated an acknowledgement. This is an informational change only.</p>
1.0
2026-05-11T07:00:00
<p>Information published.</p>
Windows DWM Core Library Elevation of Privilege Vulnerability
<p>Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows DWM Core Library
Microsoft
Yes
CVE-2026-42896
Integer Overflow or Wraparound
Heap-based Buffer Overflow
12437
20437
20438
12389
12390
12436
20853
20854
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Important
12437
Important
20437
Important
20438
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
namnp with <a href="https://x.com/vcslab">Viettel Cyber Security</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
<p>Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker with the required permissions could modify the saved state of a process session in Dynamics CRM and trigger the system to process that data, which could result in the server unintentionally executing malicious code.</p>
Microsoft Dynamics 365 (on-premises)
Microsoft
Yes
CVE-2026-42898
Improper Control of Generation of Code ('Code Injection')
11921
Remote Code Execution
11921
Critical
11921
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
9.9
8.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11921
5078943
https://support.microsoft.com/en-us/topic/service-update-1-44-for-microsoft-dynamics-crm-on-premises-9-1-43630351-d782-4769-a59b-6a0f340c37f5
11921
Maybe
Security Update
9.1.45.11
https://support.microsoft.com/help/5078943
11921
5078943
John Nzyuko
Kentaro Kawane with <a href="https://gmo-cybersecurity.com/">GMO Cybersecurity by Ierae, Inc.</a>
<a href="https://twitter.com/hoangnx99">hoangha</a> with <a href="https://lab.viettelcybersecurity.com/">VCSLab of Viettel Cyber Security</a>
Butterfly
1.0
2026-05-12T07:00:00
<p>Information published.</p>
1.2
2026-05-13T07:00:00
<p>Acknowledgement Updated</p>
1.3
2026-05-29T07:00:00
<p>Updated an acknowledgement. This is an informational change only.</p>
1.1
2026-05-13T07:00:00
<p>Updated the fixed version number. This is an informational change only.</p>
ASP.NET Core Denial of Service Vulnerability
<p>Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.</p>
ASP.NET Core
Microsoft
Yes
CVE-2026-42899
Loop with Unreachable Exit Condition ('Infinite Loop')
12414
12432
12416
12415
12434
12433
20838
20839
20837
Denial of Service
12414
Denial of Service
12432
Denial of Service
12416
Denial of Service
12415
Denial of Service
12434
Denial of Service
12433
Denial of Service
20838
Denial of Service
20839
Denial of Service
20837
Important
12414
Important
12432
Important
12416
Important
12415
Important
12434
Important
12433
Important
20838
Important
20839
Important
20837
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12414
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12432
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12416
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12415
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12434
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12433
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
20838
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
20839
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
20837
5093447
https://dotnet.microsoft.com/download/dotnet/8.0
12414
12416
12415
Maybe
Security Update
8.0.27
https://support.microsoft.com/help/5093447
12414
12416
12415
5093447
5093448
https://dotnet.microsoft.com/download/dotnet/9.0
12432
12434
12433
Maybe
Security Update
9.0.16
https://support.microsoft.com/help/5093448
12432
12434
12433
5093448
5093446
https://dotnet.microsoft.com/download/dotnet/10.0
20838
20839
20837
Maybe
Security Update
10.0.8
https://support.microsoft.com/help/5093446
20838
20839
20837
5093446
hamayanhamayan
<a href="https://www.linkedin.com/in/abdul-rehman---/">Muhammad Abdul Rehman</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft Exchange Server Spoofing Vulnerability
<p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could exploit this issue by sending a specially crafted email to a user. If the user opens the email in Outlook Web Access and certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context.</p>
<p><strong>How do I protect my Exchange Server from this vulnerability?</strong></p>
<p>The Exchange Emergency Mitigation Service will provide mitigation automatically, and is on by default. If it is not already enabled on your Exchange Server, you need to enable <a href="https://learn.microsoft.com/en-us/exchange/plan-and-deploy/post-installation-tasks/security-best-practices/exchange-emergency-mitigation-service">Exchange Emergency Mitigation Service</a>. You can find more information and instruction in the Exchange blog <a href="https://techcommunity.microsoft.com/blog/exchange/addressing-exchange-server-may-2026-vulnerability-cve-2026-42897/4518498">here</a>.</p>
<p><strong>Am I protected from this vulnerability if I am running Internet Explorer or Edge with Internet Explorer Mode?</strong></p>
<p>No, because Content Security Policy (CSP) is not supported by Internet Explorer nor Microsoft Edge using Internet Explorer Mode. To stay protected, please make sure to not use Internet Explorer (Mode) to access OWA.</p>
<p><strong>Why are there no links to updates in the Security Update Table?</strong></p>
<p>Microsoft is supplying a temporary mitigation for this vulnerability through the Exchange Emergency Mitigation Service. We are working on developing and testing a more permanent fix which we will provide when it meets our quality standards.</p>
<h3 id="update-692026">Update 6/9/2026</h3>
<p>Microsoft recommends installing the June 2026 Security Updates for your version of Exchange Server as soon as possible to be protected from this vulnerability.</p>
<p>As part of our ongoing efforts to strengthen security and improve defenses across environments, we continue to enhance protections for cross-site scripting attacks. We recommend that customers keep the mitigation describe in place. The mitigation provides an additional layer of defense and helps ensure continuous protection as further improvements are released. Additional updates will be shared as they become available. Please see the <a href="https://techcommunity.microsoft.com/blog/exchange/released-june-2026-exchange-server-security-updates/4524491">exchange blog post</a> for more information.</p>
Microsoft Exchange Server
Microsoft
Yes
CVE-2026-42897
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
12039
12293
12502
16792
Spoofing
12039
Spoofing
12293
Spoofing
12502
Spoofing
16792
Critical
12039
Critical
12293
Critical
12502
Critical
16792
Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected
8.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C
12039
8.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C
12293
8.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C
12502
8.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C
16792
5094144
5066369
12039
Yes
Security Update
15.01.2507.069
https://support.microsoft.com/help/5094144
12039
5094144
5094142
5066368
12293
Yes
Security Update
15.02.1544.041
https://support.microsoft.com/help/5094142
12293
5094142
5094140
5066367
12502
Yes
Security Update
15.02.1748.046
https://support.microsoft.com/help/5094140
12502
5094140
5094139
https://www.microsoft.com/en-us/download/details.aspx?id=108698
5066366
16792
Yes
Security Update
15.02.2562.043
https://support.microsoft.com/help/5094139
16792
5094139
Anonymous
1.0
2026-05-14T07:00:00
<p>Information published.</p>
1.1
2026-05-18T07:00:00
<p>Updated FAQ information. This is an informational change only.</p>
2.0
2026-06-09T07:00:00
<p>Added links to June 2026 Exchange Server security updates. Microsoft recommends installing this updates as soon as possible.</p>
Microsoft Authenticator Information Disclosure Vulnerability
<p>Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>This vulnerability could expose a sign-in access token for a user’s work account. If disclosed, that token could allow access to data and services that the user is authorized to use, potentially including sensitive organizational information.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could attempt to trick a user into interacting with a malicious request that appears legitimate. When the user approves the request, the attacker could cause the app to obtain an access token on the user’s behalf and send it to a location controlled by the attacker, without the user being clearly informed about what access is being granted.</p>
<p><strong>Do users need to take any action to receive the fix for the Authenticator app issue on Android?</strong></p>
<p>Users who have automatic app updates enabled on their Android device will receive the fix without any action required. Users who do not have auto-update enabled must manually update the Microsoft Authenticator app to the latest version via the Google Play Store to ensure they receive the fix.</p>
Microsoft Authenticator
Microsoft
Yes
CVE-2026-41615
Exposure of Sensitive Information to an Unauthorized Actor
12289
20927
Information Disclosure
12289
Information Disclosure
20927
Critical
12289
Critical
20927
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
9.6
8.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12289
9.6
8.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
20927
Release Notes
https://play.google.com/store/apps/details?id=com.azure.authenticator
12289
No
Security Update
6.2605.2973
https://play.google.com/store/apps/details?id=com.azure.authenticator
12289
Release Notes
Release Notes
https://apps.apple.com/us/app/microsoft-authenticator/id983156458
20927
No
Security Update
6.8.47
https://apps.apple.com/us/app/microsoft-authenticator/id983156458
20927
Release Notes
Sridhar Periyasamy
1.0
2026-05-14T07:00:00
<p>Information published.</p>
Microsoft Defender Denial of Service Vulnerability
<table>
<thead>
<tr>
<th>References</th>
<th>Identification</th>
</tr>
</thead>
<tbody>
<tr>
<td>Last version of the Microsoft Defender Antimalware Platform affected by this vulnerability</td>
<td>4.18.26030.3011</td>
</tr>
<tr>
<td>First version of the Microsoft Defender Antimalware Platform with this vulnerability addressed</td>
<td>Version 4.18.26040.7</td>
</tr>
</tbody>
</table>
<p>See <a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus">Manage Updates Baselines Microsoft Defender Antivirus</a> for more information.</p>
<p><strong>Microsoft Defender is disabled in my environment, why are vulnerability scanners showing that I am vulnerable to this issue?</strong></p>
<p>Vulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Systems that have disabled Microsoft Defender are not in an exploitable state.</p>
<p><strong>Why is no action required to install this update?</strong></p>
<p>In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Windows Defender Antimalware Platform. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner.</p>
<p>For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Windows Defender Antimalware Platform are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating.</p>
<p>Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Windows Defender Antimalware Platform updates and malware definitions, is working as expected in their environment.</p>
<p><strong>How often are the Microsoft Defender Antimalware Platform and malware definitions updated?</strong></p>
<p>Microsoft typically releases an update for the Microsoft Defender Antimalware Platform once a month or as needed to protect against new threats. Microsoft also typically updates the malware definitions three times daily and can increase the frequency when needed.</p>
<p>Depending on which Microsoft antimalware software is used and how it is configured, the software may search for platform, engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time.</p>
<p><strong>What is the Microsoft Defender Antimalware Platform?</strong></p>
<p>The Microsoft Defender Antimalware Platform is a collection of user-mode binaries (e.g. MsMpEng.exe) and kernel-mode drivers that run on top of Windows to keep devices protected against new and prevalent threats.</p>
<p><strong>Microsoft Defender uses the Windows Defender Antimalware Platform. On which products is Defender installed and active by default?</strong></p>
<p>Defender runs on all supported versions of Windows.</p>
<p><strong>Are there other products that use the Microsoft Defender Antimalware Platform?</strong></p>
<p>Yes, Microsoft System Center Endpoint Protection, Microsoft System Center 2012 R2 Endpoint Protection, Microsoft System Center 2012 Endpoint Protection and Microsoft Security Essentials.</p>
<p><strong>Does this update contain any additional security-related changes to functionality?</strong></p>
<p>Yes. In addition to the changes that are listed for this vulnerability, this update includes defense-in-depth updates to help improve security-related features.</p>
<h2 id="suggested-actions">Suggested Actions</h2>
<p><strong>Verify that the update is installed</strong></p>
<p>Customers should verify that the latest version of the Microsoft Malware Protection Platform and definition updates are being actively downloaded and installed for their Microsoft antimalware products.</p>
<ol>
<li>Open the Windows Security program. For example, type Security in the Search bar, and select the Windows Security program.</li>
<li>In the navigation pane, select Virus & threat protection.</li>
<li>Then click on <strong>Protection Updates</strong> in the Virus & threat protection section updates.</li>
<li>Select <strong>Check for updates</strong>.</li>
<li>In the navigation pane, select <strong>Settings</strong>, and then select <strong>About</strong>.</li>
<li>Examine the <strong>Antimalware ClientVersion</strong> number. The update was successfully installed if the Malware Protection Platform version number or the signature package version number matches or exceeds the version number that you are trying to verify as installed.</li>
</ol>
Microsoft Defender
Microsoft
Yes
CVE-2026-45498
Uncontrolled Resource Consumption
11744
Denial of Service
11744
Low
11744
Publicly Disclosed:Yes;Exploited:Yes;Latest Software Release:Exploitation Detected
4.0
3.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
11744
Release Notes
11744
Maybe
Security Update
4.18.26040.7
https://www.microsoft.com/en-us/wdsi/defenderupdates
11744
Release Notes
1.0
2026-05-19T07:00:00
<p>Information published.</p>
1.1
2026-05-26T07:00:00
<p>CWE added. Informational change only.</p>
Chromium: CVE-2026-8520 Race in Payments
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8520
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-21T07:00:28
<p>Information published.</p>
Chromium: CVE-2026-8564 Incorrect security UI in Downloads
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8564
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:13
<p>Information published.</p>
Chromium: CVE-2026-8583 Insufficient policy enforcement in WebXR
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8583
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:31
<p>Information published.</p>
Chromium: CVE-2026-9111 Use after free in WebRTC
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.83</td>
<td>05/21/2026</td>
<td>148.0.7778.180</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9111
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.83
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-21T21:43:33
<p>Information published.</p>
Chromium: CVE-2026-9110 Inappropriate implementation in UI
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.83</td>
<td>05/21/2026</td>
<td>148.0.7778.180</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9110
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.83
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-21T21:43:37
<p>Information published.</p>
Chromium: CVE-2026-9112 Use after free in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.83</td>
<td>05/21/2026</td>
<td>148.0.7778.180</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9112
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.83
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-21T21:43:38
<p>Information published.</p>
Chromium: CVE-2026-9113 Out of bounds read in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.83</td>
<td>05/21/2026</td>
<td>148.0.7778.180</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9113
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.83
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-21T21:43:39
<p>Information published.</p>
Chromium: CVE-2026-9115 Insufficient policy enforcement in Service Worker
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.83</td>
<td>05/21/2026</td>
<td>148.0.7778.180</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9115
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.83
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-21T21:43:41
<p>Information published.</p>
Chromium: CVE-2026-9114 Use after free in QUIC
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.83</td>
<td>05/21/2026</td>
<td>148.0.7778.180</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9114
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.83
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-21T21:43:40
<p>Information published.</p>
Chromium: CVE-2026-10011 Inappropriate implementation in Skia
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-10011
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:44
<p>Information published.</p>
Chromium: CVE-2026-10009 Integer overflow in Skia
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-10009
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:42
<p>Information published.</p>
Chromium: CVE-2026-10012 Use after free in Skia
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-10012
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:46
<p>Information published.</p>
Chromium: CVE-2026-10013 Use after free in WebCodecs
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-10013
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:47
<p>Information published.</p>
Chromium: CVE-2026-10015 Integer overflow in WTF
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-10015
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:49
<p>Information published.</p>
Chromium: CVE-2026-10016 Use after free in DOM
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-10016
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:50
<p>Information published.</p>
Chromium: CVE-2026-10018 Integer overflow in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-10018
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:52
<p>Information published.</p>
Chromium: CVE-2026-10019 Integer overflow in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-10019
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:53
<p>Information published.</p>
Chromium: CVE-2026-10017 Out of bounds read in Headless
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-10017
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:51
<p>Information published.</p>
Chromium: CVE-2026-10022 Type Confusion in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-10022
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:56
<p>Information published.</p>
Chromium: CVE-2026-10021 Insufficient validation of untrusted input in USB
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-10021
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:55
<p>Information published.</p>
Chromium: CVE-2026-9884 Use after free in Browser
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9884
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:35
<p>Information published.</p>
Chromium: CVE-2026-9882 Integer overflow in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9882
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:34
<p>Information published.</p>
Chromium: CVE-2026-9883 Use after free in Base
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9883
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:34
<p>Information published.</p>
Chromium: CVE-2026-9886 Use after free in Base
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9886
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:37
<p>Information published.</p>
Chromium: CVE-2026-9887 Use after free in Proxy
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9887
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:38
<p>Information published.</p>
Chromium: CVE-2026-9885 Insufficient validation of untrusted input in UI
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9885
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:36
<p>Information published.</p>
Chromium: CVE-2026-9890 Use after free in XR
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9890
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:41
<p>Information published.</p>
Chromium: CVE-2026-9891 Use after free in Extensions
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9891
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:42
<p>Information published.</p>
Chromium: CVE-2026-9892 Inappropriate implementation in Skia
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9892
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:43
<p>Information published.</p>
Chromium: CVE-2026-9893 Use after free in Skia
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9893
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:44
<p>Information published.</p>
Chromium: CVE-2026-9897 Use after free in DOM
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9897
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:48
<p>Information published.</p>
Chromium: CVE-2026-9895 Out of bounds read in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9895
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:46
<p>Information published.</p>
Chromium: CVE-2026-9894 Use after free in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9894
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:45
<p>Information published.</p>
Chromium: CVE-2026-9896 Out of bounds write in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9896
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:47
<p>Information published.</p>
Chromium: CVE-2026-9899 Use after free in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9899
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:50
<p>Information published.</p>
Chromium: CVE-2026-9900 Out of bounds write in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9900
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:51
<p>Information published.</p>
Chromium: CVE-2026-9902 Use after free in Accessibility
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9902
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:53
<p>Information published.</p>
Chromium: CVE-2026-9901 Use after free in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9901
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:52
<p>Information published.</p>
Chromium: CVE-2026-9905 Use after free in Accessibility
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9905
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:56
<p>Information published.</p>
Chromium: CVE-2026-9903 Insufficient validation of untrusted input in Site Isolation
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9903
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:54
<p>Information published.</p>
Chromium: CVE-2026-9904 Use after free in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9904
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:55
<p>Information published.</p>
Chromium: CVE-2026-9909 Integer overflow in Skia
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9909
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:00
<p>Information published.</p>
Chromium: CVE-2026-9906 Out of bounds write in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9906
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:57
<p>Information published.</p>
Chromium: CVE-2026-9907 Out of bounds read in Dawn
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9907
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:58
<p>Information published.</p>
Chromium: CVE-2026-9910 Out of bounds memory access in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9910
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:01
<p>Information published.</p>
Chromium: CVE-2026-9908 Out of bounds read in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9908
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:59
<p>Information published.</p>
Chromium: CVE-2026-9941 Use after free in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9941
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:33
<p>Information published.</p>
Chromium: CVE-2026-9944 Uninitialized Use in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9944
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:36
<p>Information published.</p>
Chromium: CVE-2026-9942 Uninitialized Use in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9942
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:34
<p>Information published.</p>
Chromium: CVE-2026-9945 Use after free in Media
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9945
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:37
<p>Information published.</p>
Chromium: CVE-2026-9949 Use after free in Core
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9949
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:41
<p>Information published.</p>
Chromium: CVE-2026-9946 Use after free in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9946
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:38
<p>Information published.</p>
Chromium: CVE-2026-9948 Use after free in Views
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9948
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:40
<p>Information published.</p>
Chromium: CVE-2026-9954 Use after free in TabStrip
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9954
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:47
<p>Information published.</p>
Chromium: CVE-2026-9953 Out of bounds read in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9953
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:46
<p>Information published.</p>
Chromium: CVE-2026-9951 Use after free in UI
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9951
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:43
<p>Information published.</p>
Chromium: CVE-2026-9952 Use after free in WebAudio
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9952
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:45
<p>Information published.</p>
Chromium: CVE-2026-9962 Use after free in WebRTC
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9962
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:55
<p>Information published.</p>
Chromium: CVE-2026-9961 Use after free in SurfaceCapture
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9961
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:54
<p>Information published.</p>
Chromium: CVE-2026-9964 Use after free in Bluetooth
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9964
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:57
<p>Information published.</p>
Chromium: CVE-2026-9965 Out of bounds write in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9965
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:58
<p>Information published.</p>
Chromium: CVE-2026-9968 Integer overflow in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9968
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:01
<p>Information published.</p>
Chromium: CVE-2026-9970 Use after free in WebGL
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9970
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:03
<p>Information published.</p>
Chromium: CVE-2026-9966 Integer overflow in XML
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9966
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:59
<p>Information published.</p>
Chromium: CVE-2026-9967 Out of bounds write in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9967
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:00
<p>Information published.</p>
Chromium: CVE-2026-9975 Out of bounds read and write in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9975
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:08
<p>Information published.</p>
Chromium: CVE-2026-9976 Inappropriate implementation in USB
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9976
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:09
<p>Information published.</p>
Chromium: CVE-2026-9973 Out of bounds write in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9973
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:06
<p>Information published.</p>
Chromium: CVE-2026-9972 Uninitialized Use in Gamepad
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9972
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:05
<p>Information published.</p>
Chromium: CVE-2026-9980 Insufficient validation of untrusted input in Printing
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9980
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:13
<p>Information published.</p>
Chromium: CVE-2026-9979 Insufficient validation of untrusted input in Input
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9979
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:12
<p>Information published.</p>
Chromium: CVE-2026-9978 Use after free in Glic
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9978
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:11
<p>Information published.</p>
Chromium: CVE-2026-9983 Type Confusion in Skia
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9983
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:16
<p>Information published.</p>
Chromium: CVE-2026-9981 Inappropriate implementation in Skia
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9981
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:14
<p>Information published.</p>
Chromium: CVE-2026-9982 Insufficient validation of untrusted input in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9982
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:15
<p>Information published.</p>
Chromium: CVE-2026-9984 Use after free in UI
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9984
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:17
<p>Information published.</p>
Chromium: CVE-2026-9985 Insufficient validation of untrusted input in Media
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9985
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:18
<p>Information published.</p>
Chromium: CVE-2026-9986 Insufficient validation of untrusted input in OptimizationGuide
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9986
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:19
<p>Information published.</p>
Chromium: CVE-2026-9989 Inappropriate implementation in Media
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9989
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:22
<p>Information published.</p>
Chromium: CVE-2026-9990 Use after free in WebAppInstalls
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9990
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:23
<p>Information published.</p>
Chromium: CVE-2026-9988 Use after free in WebRTC
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9988
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:21
<p>Information published.</p>
Chromium: CVE-2026-9992 Use after free in Network
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9992
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:25
<p>Information published.</p>
Chromium: CVE-2026-9993 Use after free in Views
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9993
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:26
<p>Information published.</p>
Chromium: CVE-2026-9991 Inappropriate implementation in Media
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9991
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:24
<p>Information published.</p>
Chromium: CVE-2026-9994 Use after free in Core
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9994
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:27
<p>Information published.</p>
Chromium: CVE-2026-9996 Out of bounds read in WebRTC
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9996
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:29
<p>Information published.</p>
Chromium: CVE-2026-9995 Use after free in WebXR
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9995
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:28
<p>Information published.</p>
Chromium: CVE-2026-9998 Integer overflow in Skia
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9998
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:31
<p>Information published.</p>
Chromium: CVE-2026-9999 Inappropriate implementation in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9999
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:32
<p>Information published.</p>
Chromium: CVE-2026-9997 Use after free in Input
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9997
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:30
<p>Information published.</p>
Microsoft SharePoint Server Remote Code Execution Vulnerability
<p>Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.</p>
<p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p>
<p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>In a network-based attack, an authenticated attacker, who has a minimum of Site Member permissions (PR:L), could execute code remotely on the SharePoint Server.</p>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low (AC:L). What does that mean for this vulnerability?</strong></p>
<p>The attack vector is Network (AV:N) because this vulnerability is remotely exploitable and can be exploited from the internet. The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component.</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2026-33110
Deserialization of Untrusted Data
10950
11585
11961
Remote Code Execution
10950
Remote Code Execution
11585
Remote Code Execution
11961
Important
10950
Important
11585
Important
11961
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11961
5002868
https://www.microsoft.com/en-us/download/details.aspx?id=108651
5002861
10950
Maybe
Security Update
16.0.5552.1002
https://support.microsoft.com/help/5002868
10950
5002868
5002870
https://www.microsoft.com/en-us/download/details.aspx?id=108654
5002854
11585
Maybe
Security Update
16.0.10417.20128
https://support.microsoft.com/help/5002870
11585
5002870
5002863
https://www.microsoft.com/en-us/download/details.aspx?id=108655
5002853
11961
Maybe
Security Update
16.0.19725.20280
https://support.microsoft.com/help/5002863
11961
5002863
f7d8c52bec79e42795cf15888b85cbad
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft SharePoint Server Remote Code Execution Vulnerability
<p>Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.</p>
<p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p>
<p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>In a network-based attack, an attacker authenticated as at least a Site Owner, could write arbitrary code to inject and execute code remotely on the SharePoint Server.</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2026-33112
Deserialization of Untrusted Data
10950
11585
11961
Remote Code Execution
10950
Remote Code Execution
11585
Remote Code Execution
11961
Important
10950
Important
11585
Important
11961
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11961
5002868
https://www.microsoft.com/en-us/download/details.aspx?id=108651
5002861
10950
Maybe
Security Update
16.0.5552.1002
https://support.microsoft.com/help/5002868
10950
5002868
5002870
https://www.microsoft.com/en-us/download/details.aspx?id=108654
5002854
11585
Maybe
Security Update
16.0.10417.20128
https://support.microsoft.com/help/5002870
11585
5002870
5002863
https://www.microsoft.com/en-us/download/details.aspx?id=108655
5002853
11961
Maybe
Security Update
16.0.19725.20280
https://support.microsoft.com/help/5002863
11961
5002863
<a href="https://twitter.com/_l0gg">khoadha</a>
<a href="https://www.linkedin.com/in/rafaellresende/">Rafael Resende</a>
1.1
2026-05-27T07:00:00
<p>Acknowledgement added. This is an informational change only.</p>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Azure Machine Learning Notebook Spoofing Vulnerability
<p>Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and some loss of integrity (I:L), but no loss of availability (A:N). What does that mean for this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could view sensitive information, (Confidentiality), and make some changes to disclosed information (Integrity), but they would not be able to affect Availability.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Exploitation would require a user to open or view a maliciously crafted notebook so that the affected content is rendered.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could create or import a specially crafted Azure ML notebook containing malicious styling content in a Markdown cell, which may be rendered when the notebook is viewed and could expose sensitive information displayed within the Azure ML web interface.</p>
Azure Machine Learning
Microsoft
Yes
CVE-2026-33833
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
12152
Spoofing
12152
Important
12152
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.2
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
12152
Release Notes
https://aznb-ame-prod.azureedge.net/component/1.7.6/aznb-bundle.js
12152
No
Security Update
1.7.6
https://dev.azure.com/devdiv/OnlineServices/_artifacts/feed/AzureNotebooksEntry@Local/Npm/@azure-notebooks/versions/overview
12152
Release Notes
Jianyang Song
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
<p>Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Cloud Files Mini Filter Driver
Microsoft
Yes
CVE-2026-33835
Use After Free
11571
11923
11568
11569
11924
11572
11930
11929
11931
12097
12098
12099
12437
20437
12242
20438
12389
12244
12390
12243
12436
20853
20854
Elevation of Privilege
11571
Elevation of Privilege
11923
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11924
Elevation of Privilege
11572
Elevation of Privilege
11930
Elevation of Privilege
11929
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
12242
Elevation of Privilege
20438
Elevation of Privilege
12389
Elevation of Privilege
12244
Elevation of Privilege
12390
Elevation of Privilege
12243
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Important
11571
Important
11923
Important
11568
Important
11569
Important
11924
Important
11572
Important
11930
Important
11929
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
12242
Important
20438
Important
12389
Important
12244
Important
12390
Important
12243
Important
12436
Important
20853
Important
20854
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11571
11568
11569
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11571
11568
11569
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11930
11929
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11930
11929
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
<a href="https://x.com/_dez">Joe Desimone</a> with Elastic Security
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows TCP/IP Local Elevation of Privilege Vulnerability
<p>Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could exploit this vulnerability locally by running code with limited privileges and then interacting with the tcpip.sys kernel driver to gain elevated (kernel-level) privileges on the system.</p>
Windows TCP/IP
Microsoft
Yes
CVE-2026-33837
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
<a href="https://x.com/h4urek">h4urek</a> with <a href="https://secsys.fudan.edu.cn/">secsys lab</a>
<a href="https://x.com/h4urek">h4urek</a> with <a href="https://secsys.fudan.edu.cn/">secsys lab</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability
<p>Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Message Queuing
Microsoft
Yes
CVE-2026-33838
Double Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
Anonymous working with TrendAI Zero Day Initiative
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Kernel-Mode Driver Remote Code Execution Vulnerability
<p>Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Exploitation of this vulnerability requires an authorized attacker on the domain to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>An attacker could exploit this vulnerability by sending a specially crafted NVMe over Fabrics (NVMe‑oF) response message during the connection handshake process that contains an invalid header length value.</p>
Windows Kernel-Mode Drivers
Microsoft
Yes
CVE-2026-34332
Use After Free
12437
12436
Remote Code Execution
12437
Remote Code Execution
12436
Important
12437
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
Microsoft Offensive Research & Security Engineering
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows TCP/IP Elevation of Privilege Vulnerability
<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows TCP/IP
Microsoft
Yes
CVE-2026-34334
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
hazard
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows DWM Core Library Elevation of Privilege Vulnerability
<p>Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows DWM Core Library
Microsoft
Yes
CVE-2026-34336
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12437
Information Disclosure
20437
Information Disclosure
20438
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
12389
Information Disclosure
12390
Information Disclosure
12436
Information Disclosure
20853
Information Disclosure
20854
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
<a href="https://x.com/immortalp0ny">Sergey immortalp0ny Tarasov</a> with <a href="https://global.ptsecurity.com/">Positive Technologies</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
2.0
2026-05-22T07:00:00
<p>The security impact for this CVE has been revised based on a re-assessment of the vulnerability. The original classification of Information Disclosure (ID) has been updated to Elevation of Privilege (EoP).</p>
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
<p>Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Cloud Files Mini Filter Driver
Microsoft
Yes
CVE-2026-34337
Use After Free
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
11923
11924
11930
11571
11931
11572
11929
12097
12437
12098
12099
20438
20437
12242
12244
12390
12243
12436
12389
20853
20854
11568
11569
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11930
Elevation of Privilege
11571
Elevation of Privilege
11931
Elevation of Privilege
11572
Elevation of Privilege
11929
Elevation of Privilege
12097
Elevation of Privilege
12437
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
20438
Elevation of Privilege
20437
Elevation of Privilege
12242
Elevation of Privilege
12244
Elevation of Privilege
12390
Elevation of Privilege
12243
Elevation of Privilege
12436
Elevation of Privilege
12389
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
11568
Elevation of Privilege
11569
Important
11923
Important
11924
Important
11930
Important
11571
Important
11931
Important
11572
Important
11929
Important
12097
Important
12437
Important
12098
Important
12099
Important
20438
Important
20437
Important
12242
Important
12244
Important
12390
Important
12243
Important
12436
Important
12389
Important
20853
Important
20854
Important
11568
Important
11569
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11930
11931
11929
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11930
11931
11929
5087544
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11571
11572
11568
11569
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11571
11572
11568
11569
5087538
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20438
20437
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20438
20437
5089549
5089549
https://support.microsoft.com/help/5089549
20438
20437
12390
12389
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20438
20437
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20438
20437
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12390
12389
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12390
12389
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12390
12389
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12390
12389
5089466
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
Microsoft
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Telephony Service Elevation of Privilege Vulnerability
<p>Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Telephony Service
Microsoft
Yes
CVE-2026-34338
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
<a href="https://smlijun.github.io/">DongJun Kim</a> with <a href="https://www.enki.co.kr/">Enki WhiteHat</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
<p>Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally.</p>
Windows LDAP - Lightweight Directory Access Protocol
Microsoft
Yes
CVE-2026-34339
NULL Pointer Dereference
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
Denial of Service
11568
Denial of Service
11569
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
12437
Denial of Service
20437
Denial of Service
20438
Denial of Service
12242
Denial of Service
12243
Denial of Service
12244
Denial of Service
12389
Denial of Service
12390
Denial of Service
12436
Denial of Service
20853
Denial of Service
20854
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
20437
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
20438
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12243
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12389
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12390
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
20853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
20854
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
<a href="https://x.com/aniqfakhrul">Aniq Fakhrul</a>
Howard McGreehan with MSRC V&M
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Projected File System Elevation of Privilege Vulnerability
<p>Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Projected File System
Microsoft
Yes
CVE-2026-34340
Use After Free
11568
11923
11930
11931
11924
11571
11572
11569
12097
11929
12098
12099
12437
20438
12242
12243
20437
12244
12436
12390
12389
20853
20854
Elevation of Privilege
11568
Elevation of Privilege
11923
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
11924
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11569
Elevation of Privilege
12097
Elevation of Privilege
11929
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
20437
Elevation of Privilege
12244
Elevation of Privilege
12436
Elevation of Privilege
12390
Elevation of Privilege
12389
Elevation of Privilege
20853
Elevation of Privilege
20854
Important
11568
Important
11923
Important
11930
Important
11931
Important
11924
Important
11571
Important
11572
Important
11569
Important
12097
Important
11929
Important
12098
Important
12099
Important
12437
Important
20438
Important
12242
Important
12243
Important
20437
Important
12244
Important
12436
Important
12390
Important
12389
Important
20853
Important
20854
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11571
11572
11569
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11571
11572
11569
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11930
11931
11929
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11930
11931
11929
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20438
20437
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20438
20437
5089549
5089549
https://support.microsoft.com/help/5089549
20438
20437
12390
12389
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20438
20437
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20438
20437
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12390
12389
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12390
12389
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12390
12389
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12390
12389
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
ChenJian with Sea Security Orca Team
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability
<p>Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Link-Layer Discovery Protocol (LLDP)
Microsoft
Yes
CVE-2026-34341
Double Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
hazard
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft SharePoint Server Remote Code Execution Vulnerability
<p>Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p>
<p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p>
<p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>In a network-based attack, an authenticated attacker, who has a minimum of Site Member permissions (PR:L), could execute code remotely on the SharePoint Server.</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2026-40357
Deserialization of Untrusted Data
10950
11585
11961
Remote Code Execution
10950
Remote Code Execution
11585
Remote Code Execution
11961
Important
10950
Important
11585
Important
11961
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11961
5002868
https://www.microsoft.com/en-us/download/details.aspx?id=108651
5002861
10950
Maybe
Security Update
16.0.5552.1002
https://support.microsoft.com/help/5002868
10950
5002868
5002870
https://www.microsoft.com/en-us/download/details.aspx?id=108654
5002854
11585
Maybe
Security Update
16.0.10417.20128
https://support.microsoft.com/help/5002870
11585
5002870
5002863
https://www.microsoft.com/en-us/download/details.aspx?id=108655
5002853
11961
Maybe
Security Update
16.0.19725.20280
https://support.microsoft.com/help/5002863
11961
5002863
Oleksandr Mirosh
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft Office Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>Yes, the Preview Pane is an attack vector.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
Microsoft Office
Microsoft
Yes
CVE-2026-40358
Use After Free
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10753
10754
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10753
Remote Code Execution
10754
Critical
11573
Critical
11574
Critical
11762
Critical
11763
Critical
11951
Critical
11952
Critical
11953
Critical
12420
Critical
12421
Critical
12440
Critical
10753
Critical
10754
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10753
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10754
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.109.26051019
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002866
https://www.microsoft.com/en-us/download/details.aspx?id=108647
5002859
10753
10754
Maybe
Security Update
16.0.5552.1000
https://support.microsoft.com/help/5002866
10753
10754
5002866
Anonymous
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2026-40359
Use After Free
10836
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10739
10740
Remote Code Execution
10836
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10739
Remote Code Execution
10740
Important
10836
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10739
Important
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10836
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
5002871
https://www.microsoft.com/en-us/download/details.aspx?id=108650
5002855
10836
Maybe
Security Update
16.0.10417.20128
https://support.microsoft.com/help/5002871
10836
5002871
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.109.26051019
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002865
https://www.microsoft.com/en-us/download/details.aspx?id=108648
5002860
10739
10740
Maybe
Security Update
16.0.5552.1000
https://support.microsoft.com/help/5002865
10739
10740
5002865
<a href="https://x.com/dnpushme">f4 & Zhiniang Peng with HUST</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft Outlook and Word Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.</p>
<p><strong>Why is Microsoft Word listed in the Security Updates table but the title indicates that Outlook is affected?</strong></p>
<p>This vulnerability can be exploited when rendering email in Outlook (classic). The rendering of email in Outlook (classic) uses Microsoft Word functionality. The vulnerability is in the Word functionality and is exploitable through Outlook (classic).</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>Yes, the Preview Pane is an attack vector.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
Microsoft Office
Microsoft
Yes
CVE-2026-40361
Use After Free
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10746
10747
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10746
Remote Code Execution
10747
Critical
11573
Critical
11574
Critical
11762
Critical
11763
Critical
11951
Critical
11952
Critical
11953
Critical
12420
Critical
12421
Critical
12440
Critical
10746
Critical
10747
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10746
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10747
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.109.26051019
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002858
https://www.microsoft.com/en-us/download/details.aspx?id=108649
5002848
10746
10747
Maybe
Security Update
16.0.5552.1000
https://support.microsoft.com/help/5002858
10746
10747
5002858
Haifei Li with <a href="https://pub.expmon.com/">EXPMON</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
1.1
2026-06-02T07:00:00
<p>Updated CVE title. This is an informational change only.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2026-40362
Heap-based Buffer Overflow
10836
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10739
10740
Remote Code Execution
10836
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10739
Remote Code Execution
10740
Important
10836
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10739
Important
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10836
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
5002871
https://www.microsoft.com/en-us/download/details.aspx?id=108650
5002855
10836
Maybe
Security Update
16.0.10417.20128
https://support.microsoft.com/help/5002871
10836
5002871
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.109.26051019
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002865
https://www.microsoft.com/en-us/download/details.aspx?id=108648
5002860
10739
10740
Maybe
Security Update
16.0.5552.1000
https://support.microsoft.com/help/5002865
10739
10740
5002865
Haein Lee with KAIST Hacking Lab
Jeongmin Choi with <a href="https://s2w.inc/ko">S2W</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft SharePoint Server Remote Code Execution Vulnerability
<p>Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>In a network-based attack, an authenticated attacker, as at least a Site Owner, could write arbitrary code to inject and execute code remotely on the SharePoint Server.</p>
<p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p>
<p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2026-40365
Insufficient Granularity of Access Control
10950
11585
11961
Remote Code Execution
10950
Remote Code Execution
11585
Remote Code Execution
11961
Critical
10950
Critical
11585
Critical
11961
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11961
5002868
https://www.microsoft.com/en-us/download/details.aspx?id=108651
5002861
10950
Maybe
Security Update
16.0.5552.1002
https://support.microsoft.com/help/5002868
10950
5002868
5002870
https://www.microsoft.com/en-us/download/details.aspx?id=108654
5002854
11585
Maybe
Security Update
16.0.10417.20128
https://support.microsoft.com/help/5002870
11585
5002870
5002863
https://www.microsoft.com/en-us/download/details.aspx?id=108655
5002853
11961
Maybe
Security Update
16.0.19725.20280
https://support.microsoft.com/help/5002863
11961
5002863
f7d8c52bec79e42795cf15888b85cbad
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft Word Remote Code Execution Vulnerability
<p>Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p>
<p><strong>Is the Attachment Preview Pane an attack vector for this vulnerability?</strong></p>
<p>Yes. The attachment Preview Pane that is accessed when a user clicks to preview an attached file is an attack vector; however, the email Preview Pane itself is not.</p>
<p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p>
<p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
Microsoft Office Word
Microsoft
Yes
CVE-2026-40367
Untrusted Pointer Dereference
10950
11585
11573
11574
11762
11763
11951
11952
11953
11961
12420
12421
12440
10746
10747
Remote Code Execution
10950
Remote Code Execution
11585
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
11961
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10746
Remote Code Execution
10747
Critical
10950
Critical
11585
Critical
11573
Critical
11574
Critical
11762
Critical
11763
Critical
11951
Critical
11952
Critical
11953
Critical
11961
Critical
12420
Critical
12421
Critical
12440
Critical
10746
Critical
10747
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11961
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10746
8.4
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10747
5002868
https://www.microsoft.com/en-us/download/details.aspx?id=108651
5002861
10950
Maybe
Security Update
16.0.5552.1002
https://support.microsoft.com/help/5002868
10950
5002868
5002869
https://www.microsoft.com/en-us/download/details.aspx?id=108652
5002862
10950
Maybe
Security Update
16.0.5552.1002
https://support.microsoft.com/help/5002869
10950
5002869
5002870
https://www.microsoft.com/en-us/download/details.aspx?id=108654
5002854
11585
Maybe
Security Update
16.0.10417.20128
https://support.microsoft.com/help/5002870
11585
5002870
5002872
https://www.microsoft.com/en-us/download/details.aspx?id=108653
5002856
11585
Maybe
Security Update
16.0.10417.20128
https://support.microsoft.com/help/5002872
11585
5002872
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.109.26051019
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002863
https://www.microsoft.com/en-us/download/details.aspx?id=108655
5002853
11961
Maybe
Security Update
16.0.19725.20280
https://support.microsoft.com/help/5002863
11961
5002863
5002858
https://www.microsoft.com/en-us/download/details.aspx?id=108649
5002848
10746
10747
Maybe
Security Update
16.0.5552.1000
https://support.microsoft.com/help/5002858
10746
10747
5002858
0ccbbf129444eb66344ccafb92b00df4
1.2
2026-05-20T07:00:00
<p>Today's changes were made in error and have been reverted. This is an informational change only.</p>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
1.1
2026-05-20T07:00:00
<p>The security impact for this vulnerability has been revised from Critical to Important. In addition, the CVSS vector and FAQs were modified. This change does not affect the available security updates. Customers should continue to install the recommended updates to remain protected from this vulnerability.</p>
SQL Server Remote Code Execution Vulnerability
<p>External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An authenticated attacker with explicit permissions could exploit the vulnerability by logging in to the SQL server and could then elevate their privileges to sysadmin.</p>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N), and privilege required is low (PR:L). What is the target used in the context of the remote code execution?</strong></p>
<p>The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call.</p>
<p>The privilege requirement is low because the attacker needs to be authenticated as a normal user.</p>
<p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p>
<p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p>
<p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p>
<ul>
<li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li>
<li>Second, in the following table, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li>
</ul>
<p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product to apply this and future security updates.</p>
<table>
<thead>
<tr>
<th>Update Number</th>
<th>Title</th>
<th>Version</th>
<th>Apply if current product version is…</th>
<th>This security update also includes servicing releases up through…</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>5089899</strong></td>
<td>Security update for SQL Server 2025 CU4+GDR</td>
<td>17.0.4040.1</td>
<td>17.0.4006.2 - 17.0.4035.5</td>
<td>KB5081495 - Previous SQL2025 RTM CU4</td>
</tr>
<tr>
<td><strong>5091223</strong></td>
<td>Security update for SQL Server 2025 RTM+GDR</td>
<td>17.0.1115.1</td>
<td>17.0.1000.7 - 17.0.1110.1</td>
<td>KB5084814 - Previous SQL2025 RTM GDR</td>
</tr>
<tr>
<td><strong>5089900</strong></td>
<td>Security update for SQL Server 2022 CU24+GDR</td>
<td>16.0.4252.3</td>
<td>16.0.4003.1 - 16.0.4250.1</td>
<td>KB5083252 - Previous SQL2022 RTM CU24</td>
</tr>
<tr>
<td><strong>5091158</strong></td>
<td>Security update for SQL Server 2022 RTM+GDR</td>
<td>16.0.1180.1</td>
<td>16.0.1000.6 - 16.0.1175.1</td>
<td>KB5084815 - Previous SQL2022 RTM GDR</td>
</tr>
<tr>
<td><strong>5090407</strong></td>
<td>Security update for SQL Server 2019 CU32+GDR</td>
<td>15.0.4470.1</td>
<td>15.0.4003.23 - 15.0.4465.1</td>
<td>KB 5084816 - Previous SQL2019 RTM CU32 GDR</td>
</tr>
<tr>
<td><strong>5090408</strong></td>
<td>Security update for SQL Server 2019 RTM+GDR</td>
<td>15.0.2170.1</td>
<td>15.0.2000.5 - 15.0.2165.1</td>
<td>KB 5084817 - Previous SQL2019 RTM GDR</td>
</tr>
<tr>
<td><strong>5090354</strong></td>
<td>Security update for SQL Server 2017 CU31+GDR</td>
<td>14.0.3530.2</td>
<td>14.0.3006.16 - 14.0.3525.1</td>
<td>KB 5084818 - Previous SQL2017 RTM CU31 GDR</td>
</tr>
<tr>
<td><strong>5090347</strong></td>
<td>Security update for SQL Server 2017 RTM+GDR</td>
<td>14.0.2110.2</td>
<td>14.0.1000.169 - 14.0.2105.1</td>
<td>KB 5084819 - Previous SQL2017 RTM GDR</td>
</tr>
<tr>
<td><strong>5089270</strong></td>
<td>Security update for SQL Server 2016 Azure Connect Feature Pack+GDR</td>
<td>13.0.7085.1</td>
<td>13.0.7000.253 - 13.0.7080.1</td>
<td>KB 5084820 - Previous SQL2016 Azure Connect Feature Pack GDR</td>
</tr>
<tr>
<td><strong>5089271</strong></td>
<td>Security update for SQL Server 2016 SP3+GDR</td>
<td>13.0.6490.1</td>
<td>13.0.6300.2 - 13.0.6485.1</td>
<td>KB 5084821 - Previous SQL2016 RTM GDR</td>
</tr>
</tbody>
</table>
<p><strong>What are the GDR and CU update designations and how do they differ?</strong></p>
<p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p>
<ul>
<li>GDR updates – cumulatively only contain security updates for the given baseline.</li>
<li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li>
</ul>
<p>For any given baseline, either the GDR or CU updates could be options (see below).</p>
<ul>
<li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li>
<li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li>
<li>If SQL Server installation has intentionally installed previous CU updates, then choose to install the CU security update package.</li>
</ul>
<p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p>
<p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p>
<p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p>
SQL Server
Microsoft
Yes
CVE-2026-40370
External Control of File Name or Path
21289
21091
11478
11821
12048
12053
12145
12147
20748
16785
Remote Code Execution
21289
Remote Code Execution
21091
Remote Code Execution
11478
Remote Code Execution
11821
Remote Code Execution
12048
Remote Code Execution
12053
Remote Code Execution
12145
Remote Code Execution
12147
Remote Code Execution
20748
Remote Code Execution
16785
Important
21289
Important
21091
Important
11478
Important
11821
Important
12048
Important
12053
Important
12145
Important
12147
Important
20748
Important
16785
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
21289
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
21091
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11478
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11821
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12048
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12053
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12145
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12147
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20748
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16785
5089899
https://www.microsoft.com/download/details.aspx?id=108661
21289
Maybe
Security Update
17.0.4040.1
https://support.microsoft.com/help/5089899
21289
5089899
5089900
https://www.microsoft.com/download/details.aspx?id=108660
21091
Maybe
Security Update
16.0.4252.3
https://support.microsoft.com/help/5089900
21091
5089900
5090347
https://www.microsoft.com/download/details.aspx?id=108662
11478
Maybe
Security Update
14.0.2110.2
https://support.microsoft.com/help/5090347
11478
5090347
5090408
https://www.microsoft.com/download/details.aspx?id=108665
11821
Maybe
Security Update
15.0.2170.1
https://support.microsoft.com/help/5090408
11821
5090408
5089271
https://www.microsoft.com/download/details.aspx?id=108657
12048
Maybe
Security Update
13.0.6490.1
https://support.microsoft.com/help/5089271
12048
5089271
5089270
https://www.microsoft.com/download/details.aspx?id=108658
12053
Maybe
Security Update
13.0.7085.1
https://support.microsoft.com/help/5089270
12053
5089270
5090354
https://www.microsoft.com/download/details.aspx?id=108659
12145
Maybe
Security Update
14.0.3530.2
https://support.microsoft.com/help/5090354
12145
5090354
5091158
https://www.microsoft.com/download/details.aspx?id=108663
12147
Maybe
Security Update
16.0.1180.1
https://support.microsoft.com/help/5091158
12147
5091158
5091223
https://www.microsoft.com/download/details.aspx?id=108664
20748
Maybe
Security Update
17.0.1115.1
https://support.microsoft.com/help/5091223
20748
5091223
5090407
https://www.microsoft.com/download/details.aspx?id=108656
16785
Maybe
Security Update
15.0.4470.1
https://support.microsoft.com/help/5090407
16785
5090407
<a href="https://twitter.com/chudypb">Piotr Bazydło (@chudypb)</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Kernel Elevation of Privilege Vulnerability
<p>Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.</p>
Windows Kernel
Microsoft
Yes
CVE-2026-40369
Untrusted Pointer Dereference
12437
20438
20437
12390
12436
20853
20854
12389
Elevation of Privilege
12437
Elevation of Privilege
20438
Elevation of Privilege
20437
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
12389
Important
12437
Important
20438
Important
20437
Important
12390
Important
12436
Important
20853
Important
20854
Important
12389
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20438
20437
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20438
20437
5089549
5089549
https://support.microsoft.com/help/5089549
20438
20437
12390
12389
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20438
20437
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20438
20437
5089466
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12390
12389
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12390
12389
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12390
12389
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12390
12389
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
<a href="https://www.linkedin.com/in/théo-d-75a617265/">Théo DUTEIS</a>
Calif.io in collaboration with Claude and Anthropic Research
<a href="https://doyensec.com/">Adrian Denkiewicz at Doyensec in collaboration with Anthropic Research</a>
<a href="https://sec-fault.com/">Len Sadowski (lytnc)</a> and <a href="https://ozbsec.com/">Oguz Bektas (_ozb_)</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Telephony Service Elevation of Privilege Vulnerability
<p>Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Telephony Service
Microsoft
Yes
CVE-2026-40382
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
<a href="https://smlijun.github.io/">DongJun Kim</a> with <a href="https://www.enki.co.kr/">Enki WhiteHat</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Common Log File System Driver Elevation of Privilege Vulnerability
<p>Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Common Log File System Driver
Microsoft
Yes
CVE-2026-40397
Integer Underflow (Wrap or Wraparound)
11569
11923
11568
11924
11571
11572
11931
11930
11929
12097
12098
12099
12437
20437
20438
12244
12242
12243
12390
12389
12436
20853
20854
10852
10853
10816
10855
10379
10378
10543
10483
Elevation of Privilege
11569
Elevation of Privilege
11923
Elevation of Privilege
11568
Elevation of Privilege
11924
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11931
Elevation of Privilege
11930
Elevation of Privilege
11929
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12244
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12390
Elevation of Privilege
12389
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10379
Elevation of Privilege
10378
Elevation of Privilege
10543
Elevation of Privilege
10483
Important
11569
Important
11923
Important
11568
Important
11924
Important
11571
Important
11572
Important
11931
Important
11930
Important
11929
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12244
Important
12242
Important
12243
Important
12390
Important
12389
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10379
Important
10378
Important
10543
Important
10483
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11569
11568
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11569
11568
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11931
11930
11929
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11931
11930
11929
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12390
12389
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12390
12389
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12390
12389
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12390
12389
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12390
12389
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10379
10378
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10379
10378
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10543
10483
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10543
10483
5087471
Puneeth Kumar Katikela
Microsoft
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability
<p>Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.</p>
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>Successfully exploiting this vulnerability could allow an attacker to bypass network security protections that rely on Fully Qualified Domain Name (FQDN)‑based rules, such as policies that block or allow network connections based on domain names. This could reduce the effectiveness of security features that depend on those domain‑based network controls.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p>
<p>Successful exploitation allows limited tampering with security configuration (low integrity impact) but does not expose sensitive data or disrupt system availability. In short, the vulnerability weakens specific security enforcement controls without causing data disclosure or service outages.</p>
Windows Filtering Platform (WFP)
Microsoft
Yes
CVE-2026-32209
Improper Access Control
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Security Feature Bypass
11568
Security Feature Bypass
11569
Security Feature Bypass
11571
Security Feature Bypass
11572
Security Feature Bypass
11923
Security Feature Bypass
11924
Security Feature Bypass
11929
Security Feature Bypass
11930
Security Feature Bypass
11931
Security Feature Bypass
12097
Security Feature Bypass
12098
Security Feature Bypass
12099
Security Feature Bypass
12437
Security Feature Bypass
20437
Security Feature Bypass
20438
Security Feature Bypass
12242
Security Feature Bypass
12243
Security Feature Bypass
12244
Security Feature Bypass
12389
Security Feature Bypass
12390
Security Feature Bypass
12436
Security Feature Bypass
20853
Security Feature Bypass
20854
Security Feature Bypass
10852
Security Feature Bypass
10853
Security Feature Bypass
10816
Security Feature Bypass
10855
Security Feature Bypass
10378
Security Feature Bypass
10379
Security Feature Bypass
10483
Security Feature Bypass
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
11568
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
11569
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
11571
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
11572
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
11923
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
11924
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
11929
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
11930
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
11931
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
12097
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
12098
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
12099
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
12437
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
20437
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
20438
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
12242
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
12243
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
12244
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
12389
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
12390
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
12436
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
20853
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
20854
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
10852
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
10853
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
10816
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
10855
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
10378
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
10379
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
10483
4.4
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
Adam Hassan with Microsoft Offensive Research & Security Engineering (MORSE)
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Remote Desktop Services Elevation of Privilege Vulnerability
<p>Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Remote Desktop
Microsoft
Yes
CVE-2026-40398
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
20853
Elevation of Privilege
20854
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
Calif.io in collaboration with Claude and Anthropic Research
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows TCP/IP Denial of Service Vulnerability
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to cause denial of service on the Hyper-V host environment.</p>
Windows TCP/IP
Microsoft
Yes
CVE-2026-40401
NULL Pointer Dereference
11569
11571
11572
11923
11924
11931
12097
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10853
10816
10855
10378
10379
10483
10543
Denial of Service
11569
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11931
Denial of Service
12097
Denial of Service
12437
Denial of Service
20437
Denial of Service
20438
Denial of Service
12242
Denial of Service
12243
Denial of Service
12244
Denial of Service
12389
Denial of Service
12390
Denial of Service
12436
Denial of Service
20853
Denial of Service
20854
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11931
Important
12097
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
20437
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
20438
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12242
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12243
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12389
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12390
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
20853
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
20854
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
5094127
5094127
https://support.microsoft.com/help/5094127
12097
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
Windows Attack Research & Protection (WARP) with <a href="https://microsoft.com/">Microsoft</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Hyper-V Elevation of Privilege Vulnerability
<p>Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
<p><strong>Under what circumstances might this vulnerability be exploited other than as a denial of service attack against a Hyper-V host?</strong></p>
<p>This issue allows a guest VM to force the Hyper-V host's kernel to read from an arbitrary, potentially invalid address. The contents of the address read would not be returned to the guest VM. In most circumstances, this would result in a denial of service of the Hyper-V host (bugcheck) due to reading an unmapped address. It is possible to read from a memory mapped device register corresponding to a hardware device attached to the Hyper-V host which may trigger additional, hardware device specific side effects that could compromise the Hyper-V host's security.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to gain access to the Hyper-V host environment.</p>
Windows Hyper-V
Microsoft
Yes
CVE-2026-40402
Use After Free
11923
11924
12242
12243
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
12242
Elevation of Privilege
12243
Critical
11923
Critical
11924
Critical
12242
Critical
12243
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
9.3
8.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
9.3
8.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
9.3
8.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
9.3
8.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
<a href="https://x.com/0xashutosh">Ashutosh</a> with <a href="https://www.skyhighsecurity.com/">skyhighsecurity</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Graphics Component Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer Isolation</a> for more information.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.
The vulnerable endpoint is only available over the local VM interface as all external communication is blocked. This means an attacker needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker can exploit this vulnerability by getting access to the local guest VM so they can attack the Host OS.</p>
Windows Win32K - GRFX
Microsoft
Yes
CVE-2026-40403
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10852
10853
10816
10855
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
20437
Remote Code Execution
20438
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
20853
Remote Code Execution
20854
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11568
Critical
11569
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
11929
Critical
11930
Critical
11931
Critical
12097
Critical
12098
Critical
12099
Critical
12437
Critical
20437
Critical
20438
Critical
12242
Critical
12243
Critical
12244
Critical
12389
Critical
12390
Critical
12436
Critical
20853
Critical
20854
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
Calif.io and Milad Nasr (Anthropic) with Claude with Calif.io and Anthropic
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows TCP/IP Denial of Service Vulnerability
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to cause denial of service on the Hyper-V host environment.</p>
<p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p>
<p>This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.</p>
Windows TCP/IP
Microsoft
Yes
CVE-2026-40413
NULL Pointer Dereference
11569
11571
11572
11923
11924
11931
12097
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
10853
10816
10855
10378
10379
10483
10543
Denial of Service
11569
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11931
Denial of Service
12097
Denial of Service
12437
Denial of Service
20437
Denial of Service
20438
Denial of Service
12242
Denial of Service
12243
Denial of Service
12244
Denial of Service
12389
Denial of Service
12390
Denial of Service
12436
Denial of Service
20853
Denial of Service
20854
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11931
Important
12097
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
20437
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
20438
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12242
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12243
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12389
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12390
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
20853
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
20854
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
5094127
5094127
https://support.microsoft.com/help/5094127
12097
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10853
10816
10855
5087537
5087470
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087470
5082127
10378
10379
Yes
Monthly Rollup
6.2.9200.26079
https://support.microsoft.com/help/5087470
10378
10379
5087470
5087471
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087471
5082126
10483
10543
Yes
Monthly Rollup
6.3.9600.23181
https://support.microsoft.com/help/5087471
10483
10543
5087471
Microsoft
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
<p>Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Microsoft Office Click-To-Run
Microsoft
Yes
CVE-2026-40418
Use After Free
11573
11574
11762
11763
11952
11953
12420
12421
Elevation of Privilege
11573
Elevation of Privilege
11574
Elevation of Privilege
11762
Elevation of Privilege
11763
Elevation of Privilege
11952
Elevation of Privilege
11953
Elevation of Privilege
12420
Elevation of Privilege
12421
Important
11573
Important
11574
Important
11762
Important
11763
Important
11952
Important
11953
Important
12420
Important
12421
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
0ccbbf129444eb66344ccafb92b00df4
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
<p>Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer Isolation</a> for more information.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Click-To-Run
Microsoft
Yes
CVE-2026-35436
Insufficient Granularity of Access Control
11573
11574
11762
11763
11952
11953
12420
12421
Elevation of Privilege
11573
Elevation of Privilege
11574
Elevation of Privilege
11762
Elevation of Privilege
11763
Elevation of Privilege
11952
Elevation of Privilege
11953
Elevation of Privilege
12420
Elevation of Privilege
12421
Important
11573
Important
11574
Important
11762
Important
11763
Important
11952
Important
11953
Important
12420
Important
12421
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Ben Lichtman with Microsoft
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
<p>Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>This vulnerability could lead to a browser sandbox escape.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Microsoft Office Click-To-Run
Microsoft
Yes
CVE-2026-40420
Improper Access Control
11573
11574
11762
11763
11952
11953
12420
12421
Elevation of Privilege
11573
Elevation of Privilege
11574
Elevation of Privilege
11762
Elevation of Privilege
11763
Elevation of Privilege
11952
Elevation of Privilege
11953
Elevation of Privilege
12420
Elevation of Privilege
12421
Important
11573
Important
11574
Important
11762
Important
11763
Important
11952
Important
11953
Important
12420
Important
12421
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
8.8
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Ben Lichtman with Microsoft
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
<p>Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An authenticated attacker with low‑privileged access could exploit this vulnerability by sending a specially crafted request to the affected Windows Admin Center update API, allowing them to perform actions that their assigned permissions should not normally permit.</p>
Windows Admin Center
Microsoft
Yes
CVE-2026-41086
Improper Access Control
12518
Elevation of Privilege
12518
Important
12518
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12518
Release Notes
https://aka.ms/wacdownload
12518
No
Security Update
0.76.0.0
https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/extension-release-notes
12518
Release Notes
N4ichimi
1.0
2026-05-12T07:00:00
<p>Information published.</p>
1.1
2026-06-07T07:00:00
<p>Updated the build numbers. This is an informational update only.</p>
Secure Boot Security Feature Bypass Vulnerability
<p>Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.</p>
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p>
Windows Secure Boot
Microsoft
Yes
CVE-2026-41097
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
20853
20854
Security Feature Bypass
11568
Security Feature Bypass
11569
Security Feature Bypass
11571
Security Feature Bypass
11572
Security Feature Bypass
11923
Security Feature Bypass
11924
Security Feature Bypass
11929
Security Feature Bypass
11930
Security Feature Bypass
11931
Security Feature Bypass
12097
Security Feature Bypass
12098
Security Feature Bypass
12099
Security Feature Bypass
12437
Security Feature Bypass
20437
Security Feature Bypass
20438
Security Feature Bypass
12242
Security Feature Bypass
12243
Security Feature Bypass
12244
Security Feature Bypass
12389
Security Feature Bypass
12390
Security Feature Bypass
12436
Security Feature Bypass
20853
Security Feature Bypass
20854
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
20853
Important
20854
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20437
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20438
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20853
6.7
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
20854
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5087424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087424
11923
11924
Yes
Security Hotpatch Update
10.0.20348.5074
https://support.microsoft.com/help/5087424
11923
11924
5087424
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20853
20854
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20853
20854
5089548
Microsoft
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Azure Connected Machine Agent Elevation of Privilege Vulnerability
<p>Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker who already has access to the affected system could interfere with a local service port used by ArcProxy and respond with specially crafted authentication data. By doing this, the attacker can cause the service to access and return files that would normally only be available to a more privileged system account, potentially exposing sensitive information.</p>
Azure Connected Machine Agent
Microsoft
Yes
CVE-2026-40381
Improper Access Control
12264
Elevation of Privilege
12264
Important
12264
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12264
Release Notes
https://gbl.his.arc.azure.com/azcmagent/1.63/AzureConnectedMachineAgent.msi
12264
No
Security Update (Windows)
1.63
https://learn.microsoft.com/en-us/azure/azure-arc/servers/agent-release-notes
12264
Release Notes
Release Notes
https://learn.microsoft.com/en-us/azure/azure-arc/servers/manage-agent#install-a-specific-version-of-the-agent
12264
No
Security Update (Linux)
1.63
https://learn.microsoft.com/en-us/azure/azure-arc/servers/agent-release-notes
12264
Release Notes
Eli Arshin with Microsoft
Michal Kamensky with Microsoft
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability
<p>Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could bypass authentication and gain unauthorized access to Jira or Confluence as a valid user. This may allow the attacker to view or modify content and perform actions with the same permissions as the compromised account, based on the authorization levels defined for that user within the Jira or Confluence server.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>An attacker could exploit this vulnerability by sending a specially crafted SSO response during the login process that tricks the system into accepting a forged identity, allowing the attacker to sign in without authenticating the user through Microsoft Entra ID.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and integrity (I:H), but could lead to no loss of availability (A:N). What does that mean for this vulnerability?</strong></p>
<p>This means that an attacker who successfully exploits the vulnerability could access sensitive information and modify data within Jira or Confluence based on the authorization defined for the user in those servers but availability is not impacted because the vulnerability only allows an attacker to bypass authentication and act as a legitimate user, without providing any capability to disrupt, degrade, or take down the Jira or Confluence service itself.</p>
Microsoft SSO Plugin for Jira & Confluence
Microsoft
Yes
CVE-2026-41103
Incorrect Implementation of Authentication Algorithm
21245
21323
Elevation of Privilege
21245
Elevation of Privilege
21323
Critical
21245
Critical
21323
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
9.1
7.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
21245
9.1
7.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
21323
Release Notes
https://www.microsoft.com/download/details.aspx?id=56506
21245
No
Security Update
1.3.3
https://learn.microsoft.com/en-us/entra/identity/saas-apps/jiramicrosoft-tutorial
21245
Release Notes
Release Notes
https://marketplace.atlassian.com/apps/1224430/microsoft-azure-active-directory-single-sign-on-for-jira?tab=overview&hosting=datacenter
21245
No
Security Update (Atlassian Marketplace)
1.3.3
https://marketplace.atlassian.com/apps/1224430/com.microsoft.MicrosoftSsoJiraPlugin/version-history
21245
Release Notes
Release Notes
https://www.microsoft.com/download/details.aspx?id=56503
21323
No
Security Update
7.4.0
https://learn.microsoft.com/en-us/entra/identity/saas-apps/confluencemicrosoft-tutorial
21323
Release Notes
Robert Fitzpatrick with Microsoft
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Visual Studio Code Elevation of Privilege Vulnerability
<p>Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>A successful attacker could obtain the permissions associated with the MCP Server’s managed identity. This may allow the attacker to access or perform actions on any resources that the managed identity is authorized to reach. The attacker does not gain broader tenant‑level or administrator permissions; only those tied to the compromised managed identity.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>The user would have be enticed to open a malicious file in vscode. Users should never open anything that they do not know or trust to be safe.</p>
Visual Studio Code
Microsoft
Yes
CVE-2026-41613
Session Fixation
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
11622
Elevation of Privilege
11622
Important
11622
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11622
Release Notes
https://code.visualstudio.com/Download
11622
Maybe
Security Update
1.119.1
https://code.visualstudio.com/updates/v1_119
11622
Release Notes
<a href="https://www.linkedin.com/in/luz-elad/">Elad Luz</a> with <a href="https://www.oasis.security/">Oasis Security</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Azure Logic Apps Elevation of Privilege Vulnerability
<p>Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.</p>
<p><strong>What do customers do to protect themselves from the vulnerability?</strong></p>
<p>Customers will be notified via <a href="https://learn.microsoft.com/azure/service-health/service-health-overview"> Azure Service Health notification</a> if they are impacted by this vulnerability. These alerts will include specific mitigation guidance and required actions for affected Azure Logic Apps resources.</p>
<p>Customers who have received an Azure Service Health notification for this issue can reference** Tracking ID:** <em><strong>1P8-C0G</strong></em> in the Azure portal to review the applicable guidance and required remediation steps.</p>
<p>The Security Updates table for this CVE will be updated as additional information becomes available.</p>
<p>Additionally, customers who have <a href="https://www.microsoft.com/en-us/msrc/technical-security-notifications">subscribed</a> to the Security Update Guide will be notified when this CVE is revised to reflect updated guidance or mitigation details. If you wish to be notified when updates are released, we recommend registering for security notifications to stay informed of content changes.</p>
Azure Logic Apps
Microsoft
Yes
CVE-2026-42823
Improper Access Control
12228
Elevation of Privilege
12228
Important
12228
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
9.9
8.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12228
<a href="https://www.linkedin.com/in/rajeshchada/">Rajesh Chada</a> with Microsoft
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability
<p>Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) and availability (A:N), but could lead to major loss of integrity (I:H). What does that mean for this vulnerability?</strong></p>
<p>This primarily impacts integrity, as an attacker could execute unauthorized code and modify system behavior or trusted processes. There is no direct impact to confidentiality, as the scenario does not inherently provide access to sensitive data, and no impact to availability, as exploitation does not inherently disrupt service operation.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p>
<p><strong>What privileges an attacker could gain with a successful exploitation?</strong></p>
<p>The OpenSSL configuration auto‑loading behavior allows extension modules (such as MetricsExtension) to load automatically. Therefore, if an attacker was able to place a malicious DLL in a location referenced by the configuration, it could get loaded implicitly, that could result in arbitrary code execution with elevated privileges.</p>
Azure Monitor Agent
Microsoft
Yes
CVE-2026-42830
Untrusted Search Path
21301
Elevation of Privilege
21301
Important
21301
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.5
5.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C
21301
Release Notes
https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-extension-versions
21301
No
Security Update
1.42.0
https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-extension-versions
21301
Release Notes
Cristhian Parrot with <a href="https://www.kroll.com/en">Kroll</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft Office Spoofing Vulnerability
<p>Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office
Microsoft
Yes
CVE-2026-42832
Improper Access Control
11772
12031
11951
12440
Spoofing
11772
Spoofing
12031
Spoofing
11951
Spoofing
12440
Important
11772
Important
12031
Important
11951
Important
12440
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11772
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12031
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11951
7.7
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12440
Release Notes
https://play.google.com/store/apps/details?id=com.microsoft.office.word&hl=en_US
11772
Maybe
Security Update
16.0.19822.20190
https://play.google.com/store/apps/details?id=com.microsoft.office.word&hl=en_US
11772
Release Notes
Release Notes
https://play.google.com/store/apps/details?id=com.microsoft.office.excel&hl=en_US
12031
Maybe
Security Update
16.0.19822.20190
https://play.google.com/store/apps/details?id=com.microsoft.office.excel&hl=en_US
12031
Release Notes
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.109.26051019
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
<a href="https://twitter.com/yanir_">Yanir Tsarimi</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
<p>Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to already have a high level of access, specifically a System Administrator role in Microsoft Dynamics 365 CRM. As a result, this issue cannot be exploited by an unauthenticated or low-privilege user and would only be relevant to users who already have elevated permissions.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker with System Administrator privileges could modify specific data associated with background operations through the CRM web interface. When the system later processes this data, it may be deserialized without proper validation, allowing the attacker to trigger unauthorized commands on the CRM server.</p>
<p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>This vulnerability could lead to the attacker gaining the ability to interact with other tenant’s applications and content.</p>
Microsoft Dynamics 365 (on-premises)
Microsoft
Yes
CVE-2026-42833
Execution with Unnecessary Privileges
11921
Remote Code Execution
11921
Important
11921
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
9.1
7.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11921
5078943
https://support.microsoft.com/en-us/topic/service-update-1-44-for-microsoft-dynamics-crm-on-premises-9-1-43630351-d782-4769-a59b-6a0f340c37f5
11921
Maybe
Security Update
9.1.45.11
https://support.microsoft.com/help/5078943
11921
5078943
<a href="https://twitter.com/hoangnx99">nxhoang99</a> and <a href="hoang.ha.handle@gmail.com">hoangha<a/> with <a href="https://lab.viettelcybersecurity.com/">VCSLab of Viettel Cyber Security</a>
<a href="https://www.linkedin.com/in/talha--gunay/">TALHA GÜNAY</a>
f7d8c52bec79e42795cf15888b85cbad
<a href="https://twitter.com/hoangnx99">nxhoang99</a> and <a href="hoang.ha.handle@gmail.com">hoangha<a/> with <a href="https://lab.viettelcybersecurity.com/">VCSLab of Viettel Cyber Security</a>
Kentaro Kawane with <a href="https://gmo-cybersecurity.com/">GMO Cybersecurity by Ierae, Inc.</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
1.1
2026-05-13T07:00:00
<p>Updated the fixed version number. This is an informational change only.</p>
Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
<p>User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.</p>
<p><strong>What is the impact of this vulnerability?</strong></p>
<p>When shortening RTL characters in domains, edge will display the wrong part of the domain in the omnibox.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.55</td>
<td>05/11/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2026-40416
User Interface (UI) Misrepresentation of Critical Information
11655
Spoofing
11655
Low
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
148.0.3967.55
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
<a href="https://www.linkedin.com/in/jodyritonga/">Jody Ritonga</a> with test
<a href="https://www.linkedin.com/in/barathstalin/">Barath Stalin K</a>
1.0
2026-05-11T07:00:00
<p>Information published.</p>
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
<p>Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>The attacker would gain the rights of the user that is running the affected application.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p>
<p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.55</td>
<td>05/11/2026</td>
<td>148.0.7778.97</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2026-42838
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
11655
Elevation of Privilege
11655
Important
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
148.0.3967.55
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
<a href="https://www.linkedin.com/in/spandan0x50">Spandan Pokhrel</a>
1.0
2026-05-11T07:00:00
<p>Information published.</p>
AMD: CVE-2025-54518 CPU OP Cache Corruption
<p>This vulnerability was found and addressed by AMD. We are documenting it in the Security Update Guide to encourage customers to install the May 2026 version of Windows as soon as possible.</p>
<p>The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability. Please see the following for more information:</p>
<ul>
<li><a href="https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7052.html">AMD-SB-7052</a></li>
</ul>
AMD CPU Branch
AMD
Yes
CVE-2025-54518
11568
11569
11571
11572
11923
11924
11929
11930
11931
12097
12098
12099
12437
20437
20438
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
20854
21196
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
20437
Elevation of Privilege
20438
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
20854
Elevation of Privilege
21196
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
12437
Important
20437
Important
20438
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Important
20854
Important
21196
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
5087538
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087538
5082123
11568
11569
11571
11572
Yes
Security Update
10.0.17763.8755
https://support.microsoft.com/help/5087538
11568
11569
11571
11572
5087538
5087545
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087545
5082142
11923
11924
Yes
Security Update
10.0.20348.5139
https://support.microsoft.com/help/5087545
11923
11924
5087545
5087545
https://support.microsoft.com/help/5087545
11923
11924
5078737
5075943
11923
11924
No
Security Hotpatch Update
10.0.20348.4830
https://support.microsoft.com/help/5078737
11923
11924
5078737
5078737
https://support.microsoft.com/help/5078737
11923
11924
5087544
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087544
5082200
11929
11930
11931
Yes
Security Update
10.0.19044.7291
https://support.microsoft.com/help/5087544
11929
11930
11931
5087544
5094127
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094127
5087544
12097
12098
12099
Yes
Security Update
10.0.19045.7417
https://support.microsoft.com/help/5094127
12097
12098
12099
5094127
5094127
https://support.microsoft.com/help/5094127
12097
12098
12099
5087539
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087539
5082063
12437
12436
Yes
Security Update
10.0.26100.32860
https://support.microsoft.com/help/5087539
12437
12436
5087539
5087539
https://support.microsoft.com/help/5087539
12437
12436
5087423
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087423
12437
12436
Yes
Security Hotpatch Update
10.0.26100.32772
https://support.microsoft.com/help/5087423
12437
12436
5087423
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5083769
20437
20438
Yes
Security Update
10.0.26200.8457
https://support.microsoft.com/help/5089549
20437
20438
5089549
5089549
https://support.microsoft.com/help/5089549
20437
20438
12389
12390
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
20437
20438
Yes
Security Hotpatch Update
10.0.26200.8390
https://support.microsoft.com/help/5089466
20437
20438
5089466
5087420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087420
5082052
12242
Yes
Security Update
10.0.22631.7079
https://support.microsoft.com/help/5087420
12242
5087420
5087420
https://support.microsoft.com/help/5087420
12242
5093998
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5093998
5087420
12243
Yes
Security Update
10.0.22631.7219
https://support.microsoft.com/help/5093998
12243
5093998
5087541
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087541
5082060
12244
Yes
Security Update
10.0.25398.2330
https://support.microsoft.com/help/5087541
12244
5087541
5087541
https://support.microsoft.com/help/5087541
12244
5089549
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089549
5082063
12389
12390
Yes
Security Update
10.0.26100.8457
https://support.microsoft.com/help/5089549
12389
12390
5089549
5089466
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089466
12389
12390
Yes
Security Hotpatch Update
10.0.26100.8390
https://support.microsoft.com/help/5089466
12389
12390
5089466
5087537
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5087537
5082198
10852
10853
10816
10855
Yes
Security Update
10.0.14393.9140
https://support.microsoft.com/help/5087537
10852
10853
10816
10855
5087537
5089548
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5089548
5083768
20854
21196
Yes
Security Update
10.0.28000.2113
https://support.microsoft.com/help/5089548
20854
21196
5089548
1.0
2026-05-12T07:00:00
<p>Information published.</p>
1.1
2026-06-01T07:00:00
<p>Updated Hotpatch links. This is in informational change only.</p>
Microsoft Outlook for iOS Tampering Vulnerability
<p>Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.</p>
M365 Copilot
Microsoft
Yes
CVE-2026-42893
Improper Neutralization of Special Elements used in a Command ('Command Injection')
11685
Tampering
11685
Important
11685
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.4
6.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C
11685
https://apps.apple.com/us/app/microsoft-outlook/id951937596
11685
Maybe
Security Update
5.2617.1
11685
Ofek Levin with <a href="https://enclave.ai/">Enclave</a>
1.0
2026-05-12T07:00:00
<p>Information published.</p>
Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability
<p>Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Microsoft Dynamics 365 Customer Insights
Microsoft
No
CVE-2026-33821
Improper Privilege Management
12335
Elevation of Privilege
12335
Critical
12335
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
7.7
6.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C
12335
<a href="https://www.linkedin.com/in/mhcan/">Harun CAN</a> with https://www.linkedin.com/in/mhcan/
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
<p>Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p>
<p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p>
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>An authenticated local attacker can disable or enable Windows VBS without administrative privileges, resulting in bypass of platform security hardening. This does not grant direct code execution as another user but weakens system security guarantees, enabling follow‑on attacks.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2026-45492
Improper Input Validation
11655
Security Feature Bypass
11655
Moderate
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
Orange Tsai (@orange_8361) of DEVCORE Research Team (@d3vc0r3) working with TrendAI Zero Day Initiative
Anonymous
1.0
2026-05-15T07:00:00
<p>Information published.</p>
Microsoft Edge (Chromium-based) Spoofing Vulnerability
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p>
<p>The Edge browser's tab-splitting feature, which allows users to browse two tabs simultaneously, only displays the domain prefix in the address bars instead of the full URL. This behavior can lead to phishing vulnerabilities, as attackers could exploit it to make malicious websites appear legitimate by mimicking trusted domain names.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>The user would have to open a web page that contained a malicious iframe.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2026-45494
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
11655
Spoofing
11655
Moderate
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
Orange Tsai (@orange_8361) of DEVCORE Research Team (@d3vc0r3) working with TrendAI Zero Day Initiative
1.0
2026-05-15T07:00:00
<p>Information published.</p>
1.1
2026-06-01T07:00:00
<p>Acknowledgement added. This is an informational change only.</p>
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low (AC:L). What does that mean for this vulnerability?</strong></p>
<p>The attack vector is Network (AV:N) because this vulnerability is remotely exploitable and can be exploited from the internet. The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2026-45495
Path Traversal: '.../...//'
11655
Remote Code Execution
11655
Important
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
Orange Tsai (@orange_8361) of DEVCORE Research Team (@d3vc0r3) working with TrendAI Zero Day Initiative
1.1
2026-05-26T07:00:00
<p>CWE added. Informational change only.</p>
1.0
2026-05-15T07:00:00
<p>Information published.</p>
1.2
2026-06-01T07:00:00
<p>Acknowledgement added. This is an informational change only.</p>
Chromium: CVE-2026-8587 Use after free in Extensions
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8587
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:35
<p>Information published.</p>
Chromium: CVE-2026-8586 Inappropriate implementation in Chromoting
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8586
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:34
<p>Information published.</p>
Chromium: CVE-2026-8585 Inappropriate implementation in Media
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8585
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:33
<p>Information published.</p>
Chromium: CVE-2026-8584 Inappropriate implementation in Views
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8584
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:32
<p>Information published.</p>
Chromium: CVE-2026-8582 Object lifecycle issue in Dawn
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8582
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:30
<p>Information published.</p>
Chromium: CVE-2026-8581 Use after free in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8581
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:29
<p>Information published.</p>
Chromium: CVE-2026-8580 Use after free in Mojo
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8580
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:28
<p>Information published.</p>
Chromium: CVE-2026-8579 Insufficient validation of untrusted input in Skia
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8579
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:27
<p>Information published.</p>
Chromium: CVE-2026-8578 Out of bounds read in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8578
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:26
<p>Information published.</p>
Chromium: CVE-2026-8577 Integer overflow in Fonts
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8577
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:25
<p>Information published.</p>
Chromium: CVE-2026-8576 Inappropriate implementation in CORS
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8576
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:24
<p>Information published.</p>
Chromium: CVE-2026-8575 Use after free in UI
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8575
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:23
<p>Information published.</p>
Chromium: CVE-2026-8573 Integer overflow in Codecs
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8573
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:22
<p>Information published.</p>
Chromium: CVE-2026-8572 Insufficient policy enforcement in Network
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8572
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:21
<p>Information published.</p>
Chromium: CVE-2026-8571 Insufficient policy enforcement in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8571
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:20
<p>Information published.</p>
Chromium: CVE-2026-8570 Type Confusion in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8570
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:19
<p>Information published.</p>
Chromium: CVE-2026-8569 Out of bounds write in Codecs
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8569
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:18
<p>Information published.</p>
Chromium: CVE-2026-8568 Insufficient policy enforcement in AI
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8568
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:16
<p>Information published.</p>
Chromium: CVE-2026-8567 Integer overflow in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8567
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:15
<p>Information published.</p>
Chromium: CVE-2026-8566 Insufficient policy enforcement in Payments
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8566
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:15
<p>Information published.</p>
Chromium: CVE-2026-8565 Inappropriate implementation in Downloads
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8565
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:14
<p>Information published.</p>
Chromium: CVE-2026-8563 Insufficient policy enforcement in IFrame Sandbox
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8563
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:11
<p>Information published.</p>
Chromium: CVE-2026-8562 Side-channel information leakage in Navigation
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8562
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:10
<p>Information published.</p>
Chromium: CVE-2026-8561 Incorrect security UI in Fullscreen
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8561
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:09
<p>Information published.</p>
Chromium: CVE-2026-8560 Heap buffer overflow in SwiftShader
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8560
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:08
<p>Information published.</p>
Chromium: CVE-2026-8559 Integer overflow in Internationalization
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8559
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:07
<p>Information published.</p>
Chromium: CVE-2026-8558 Out of bounds write in Fonts
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8558
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:06
<p>Information published.</p>
Chromium: CVE-2026-8557 Use after free in Accessibility
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8557
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:05
<p>Information published.</p>
Chromium: CVE-2026-8556 Inappropriate implementation in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8556
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:04
<p>Information published.</p>
Chromium: CVE-2026-8555 Use after free in GTK
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8555
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:04
<p>Information published.</p>
Chromium: CVE-2026-8553 Use after free in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8553
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:02
<p>Information published.</p>
Chromium: CVE-2026-8554 Type Confusion in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8554
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:03
<p>Information published.</p>
Chromium: CVE-2026-8551 Use after free in Downloads
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8551
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:00
<p>Information published.</p>
Chromium: CVE-2026-8552 Heap buffer overflow in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8552
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:01
<p>Information published.</p>
Chromium: CVE-2026-8550 Use after free in Google Lens
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8550
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:59
<p>Information published.</p>
Chromium: CVE-2026-8549 Use after free in Media
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8549
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:58
<p>Information published.</p>
Chromium: CVE-2026-8548 Out of bounds write in Media
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8548
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:56
<p>Information published.</p>
Chromium: CVE-2026-8547 Insufficient policy enforcement in Passwords
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8547
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:55
<p>Information published.</p>
Chromium: CVE-2026-8546 Out of bounds read in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8546
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:54
<p>Information published.</p>
Chromium: CVE-2026-8545 Object corruption in Compositing
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8545
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:53
<p>Information published.</p>
Chromium: CVE-2026-8544 Use after free in Media
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8544
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:52
<p>Information published.</p>
Chromium: CVE-2026-8543 Out of bounds read in FileSystem
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8543
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:51
<p>Information published.</p>
Chromium: CVE-2026-8542 Use after free in Core
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8542
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:50
<p>Information published.</p>
Chromium: CVE-2026-8541 Out of bounds read in UI
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8541
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:49
<p>Information published.</p>
Chromium: CVE-2026-8540 Type Confusion in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8540
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:48
<p>Information published.</p>
Chromium: CVE-2026-8539 Script injection in SanitizerAPI
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8539
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:47
<p>Information published.</p>
Chromium: CVE-2026-8538 Insufficient validation of untrusted input in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8538
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:46
<p>Information published.</p>
Chromium: CVE-2026-8537 Insufficient policy enforcement in ViewTransitions
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8537
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:45
<p>Information published.</p>
Chromium: CVE-2026-8536 Insufficient validation of untrusted input in ReadingMode
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8536
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:44
<p>Information published.</p>
Chromium: CVE-2026-8535 Out of bounds read in Media
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8535
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:43
<p>Information published.</p>
Chromium: CVE-2026-8534 Integer overflow in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8534
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:42
<p>Information published.</p>
Chromium: CVE-2026-8533 Use after free in Accessibility
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8533
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:41
<p>Information published.</p>
Chromium: CVE-2026-8532 Integer overflow in XML
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8532
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:40
<p>Information published.</p>
Chromium: CVE-2026-8531 Heap buffer overflow in WebML
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8531
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:39
<p>Information published.</p>
Chromium: CVE-2026-8530 Use after free in Network
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8530
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:38
<p>Information published.</p>
Chromium: CVE-2026-8529 Heap buffer overflow in Codecs
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8529
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:37
<p>Information published.</p>
Chromium: CVE-2026-8528 Insufficient validation of untrusted input in SiteIsolation
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8528
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:36
<p>Information published.</p>
Chromium: CVE-2026-8527 Insufficient validation of untrusted input in Downloads
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8527
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:35
<p>Information published.</p>
Chromium: CVE-2026-8526 Out of bounds write in WebRTC
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8526
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:34
<p>Information published.</p>
Chromium: CVE-2026-8523 Use after free in Mojo
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8523
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:31
<p>Information published.</p>
Chromium: CVE-2026-8519 Integer overflow in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8519
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:27
<p>Information published.</p>
Chromium: CVE-2026-8518 Use after free in Blink
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8518
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:26
<p>Information published.</p>
Chromium: CVE-2026-8517 Object lifecycle issue in WebShare
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8517
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:25
<p>Information published.</p>
Chromium: CVE-2026-8516 Insufficient validation of untrusted input in DataTransfer
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8516
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:24
<p>Information published.</p>
Chromium: CVE-2026-8515 Use after free in HID
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8515
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:23
<p>Information published.</p>
Chromium: CVE-2026-8514 Use after free in Aura
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8514
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:23
<p>Information published.</p>
Chromium: CVE-2026-8513 Use after free in Input
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8513
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:22
<p>Information published.</p>
Chromium: CVE-2026-8512 Use after free in FileSystem
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8512
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:21
<p>Information published.</p>
Chromium: CVE-2026-8511 Use after free in UI
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8511
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:20
<p>Information published.</p>
Chromium: CVE-2026-8509 Heap buffer overflow in WebML
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8509
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:15
<p>Information published.</p>
Chromium: CVE-2026-8525 Heap buffer overflow in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8525
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:33
<p>Information published.</p>
Chromium: CVE-2026-8524 Out of bounds write in WebAudio
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8524
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:32
<p>Information published.</p>
Azure Local Disconnected Operations (ALDO) Elevation of Privilege Vulnerability
<p>Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network.</p>
<p><strong>How do I protect myself from this vulnerability?</strong></p>
<p><em><strong>For Azure Local Disconnected Operations (ALDO) customers:</strong></em></p>
<p>To protect against this vulnerability, customers must update their Azure Local Disconnected Operations (ALDO) environment to the latest available release (version 2604 or later). Updates are not available as standalone patches and must be applied as a full system update through the Azure portal. ALDO is a restricted offering, and updates are only available to approved customers via allow-listing.</p>
<p>Customers should follow Microsoft guidance to obtain access and apply the update, using the following documentation:</p>
<p><a href="https://learn.microsoft.com/en-us/azure/azure-local/manage/disconnected-operations-deploy?view=azloc-2604">How to deploy Disconnected Operations for Azure Local</a></p>
<p><a href="https://learn.microsoft.com/en-us/azure/azure-local/manage/disconnected-operations-update?view=azloc-2604">How to update Disconnected Operations for Azure Local</a></p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker could gain elevated privileges beyond those normally available to them, allowing actions such as accessing restricted information or performing operations that are typically limited to more highly privileged users or administrators.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>The most realistic exploitation scenario involves a malicious or compromised insider with existing access to the customer’s environment.</p>
<p>An attacker could exploit this vulnerability if they:</p>
<ul>
<li>Already have access to the internal environment (e.g., an internal user, contractor, or compromised account).</li>
<li>Possess or can obtain relevant identity information such as tenant identifiers, user identifiers, credentials, or tokens.</li>
<li>Use this access to interact with and attempt exploitation within the Azure Local Disconnected Operations (ALDO) environment.</li>
</ul>
<p>Because an insider or compromised internal identity already satisfies many of the environmental and authentication requirements, they may bypass several of the barriers that would otherwise make exploitation more difficult.</p>
<p>In external attacker scenarios, exploitation is significantly more constrained. An attacker would first need to:</p>
<ul>
<li>Gain access to the customer’s internal network (which may require physical presence or prior compromise), and</li>
<li>Obtain valid identity context within the environment.</li>
</ul>
<p>Additionally, Azure Local Disconnected Operations is designed to operate in a disconnected and isolated configuration, limiting direct external exposure and reducing the likelihood of opportunistic remote exploitation.</p>
Azure Local Disconnected Operations
Microsoft
Yes
CVE-2026-42822
Improper Authentication
20844
Elevation of Privilege
20844
Critical
20844
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
10.0
8.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
20844
Release Notes
20844
No
Security Update
2604.2.25645
https://learn.microsoft.com/en-us/azure/azure-local/manage/disconnected-operations-whats-new?view=azloc-2604
20844
Release Notes
Sridhar Periyasamy
1.0
2026-05-18T07:00:00
<p>Information published.</p>
Microsoft Defender Remote Code Execution Vulnerability
<p>Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability would require a remote, unauthenticated attacker to entice a local user to take multiple actions that results in Defender scanning a malicious file that has been quarantined.</p>
<table>
<thead>
<tr>
<th>References</th>
<th>Identification</th>
</tr>
</thead>
<tbody>
<tr>
<td>Last version of the Microsoft Malware Protection Engine affected by this vulnerability</td>
<td>1.1.26030.3008</td>
</tr>
<tr>
<td>First version of the Microsoft Malware Protection Engine with this vulnerability addressed</td>
<td>Version 1.1.26040.8</td>
</tr>
</tbody>
</table>
<p>See <a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus">Manage Updates Baselines Microsoft Defender Antivirus</a> for more information.</p>
<p><strong>Microsoft Defender is disabled in my environment, why are vulnerability scanners showing that I am vulnerable to this issue?</strong></p>
<p>Vulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Systems that have disabled Microsoft Defender are not in an exploitable state.</p>
<p><strong>Why is no action required to install this update?</strong></p>
<p>In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner.</p>
<p>For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Microsoft Malware Protection Engine are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating.</p>
<p>Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Microsoft Malware Protection Engine updates and malware definitions, is working as expected in their environment.</p>
<p><strong>How often are the Microsoft Malware Protection Engine and malware definitions updated?</strong></p>
<p>Microsoft typically releases an update for the Microsoft Malware Protection Engine once a month or as needed to protect against new threats. Microsoft also typically updates the malware definitions three times daily and can increase the frequency when needed.</p>
<p>Depending on which Microsoft antimalware software is used and how it is configured, the software may search for engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time.</p>
<p><strong>What is the Microsoft Malware Protection Engine?</strong></p>
<p>The Microsoft Malware Protection Engine, mpengine.dll, provides the scanning, detection, and cleaning capabilities for Microsoft antivirus and antispyware software.</p>
<p><strong>Windows Defender uses the Microsoft Malware Protection Engine. On which products is Defender installed and active by default?</strong></p>
<p>Defender runs on all supported version of Windows.</p>
<p><strong>Are there other products that use the Microsoft Malware Protection Engine?</strong></p>
<p>Yes, Microsoft System Center Endpoint Protection, Microsoft System Center 2012 R2 Endpoint Protection, Microsoft System Center 2012 Endpoint Protection and Microsoft Security Essentials.</p>
<p><strong>Does this update contain any additional security-related changes to functionality?</strong></p>
<p>Yes. In addition to the changes that are listed for this vulnerability, this update includes defense-in-depth updates to help improve security-related features.</p>
Microsoft Defender
Microsoft
Yes
CVE-2026-45584
Heap-based Buffer Overflow
11902
Remote Code Execution
11902
Critical
11902
Publicly Disclosed:No;Exploited:No
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11902
Release Notes
11902
No
Security Update
1.1.26040.8
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-worldwide
11902
Release Notes
<a href="https://dawnslab.jd.com/">haowei yan(jingdong dawnslab)</a>
1.1
2026-05-26T07:00:00
<p>In the Security Updates table, added links to the Release Notes. This is an informational change only.</p>
1.0
2026-05-19T07:00:00
<p>Information published.</p>
Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
<p>Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
<p><strong>What customer action needs to take place to mitigate the vulnerability?</strong></p>
<p>Customers should install the latest version of the Windows Admin Center extension through the Azure Portal. There is no direct download link; instead, customers need to open the Extensions + Applications blade for their virtual machine in the Azure Portal and search for the extension named AdminCenter (Microsoft.AdminCenter.AdminCenter). From there, they can add or update the extension following the standard Azure VM extension installation process described <a href="https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/overview">here</a>.</p>
Azure Portal Windows Admin Center
Microsoft
Yes
CVE-2026-42834
Improper Link Resolution Before File Access ('Link Following')
12518
Elevation of Privilege
12518
Important
12518
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12518
Release Notes
12518
No
Security Update
0.72.0.0.
https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/extension-release-notes
12518
Release Notes
<a href="https://twitter.com/crispr_x">BochengXiang(@Crispr)</a> with FDU
1.0
2026-05-19T07:00:00
<p>Information published. This CVE was addressed by updates that were released in May 2026, but the CVE was inadvertently omitted from the May 2026 Security Updates. This is an informational change only. Customers who have already installed the May 2026 updates do not need to take any further action.</p>
Microsoft SharePoint Remote Code Execution Vulnerability
<p>Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.</p>
<p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p>
<p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>In a network-based attack, an authenticated attacker, who has a minimum of Site Member permissions (PR:L), could execute code remotely on the SharePoint Server.</p>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low (AC:L). What does that mean for this vulnerability?</strong></p>
<p>The attack vector is Network (AV:N) because this vulnerability is remotely exploitable and can be exploited from the internet. The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component.</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2026-45659
Deserialization of Untrusted Data
10950
11585
11961
Remote Code Execution
10950
Remote Code Execution
11585
Remote Code Execution
11961
Important
10950
Important
11585
Important
11961
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11961
5002868
https://www.microsoft.com/en-us/download/details.aspx?id=108651
5002861
10950
Maybe
Security Update
16.0.5552.1002
https://support.microsoft.com/help/5002868
10950
5002868
5002870
https://www.microsoft.com/en-us/download/details.aspx?id=108654
5002854
11585
Maybe
Security Update
16.0.10417.20128
https://support.microsoft.com/help/5002870
11585
5002870
5002863
https://www.microsoft.com/en-us/download/details.aspx?id=108655
5002853
11961
Maybe
Security Update
16.0.19725.20280
https://support.microsoft.com/help/5002863
11961
5002863
MEOW
1.1
2026-05-26T07:00:00
<p>Information published. This CVE was addressed by updates that were released in May 2026, but the CVE was inadvertently omitted from the May 2026 Security Updates. This is an informational change only. Customers who have already installed the May 2026 updates do not need to take any further action.</p>
1.0
2026-05-21T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-8521 Use after free in Tab Groups
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8521
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-21T07:00:29
<p>Information published.</p>
Chromium: CVE-2026-8522 Use after free in Downloads
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8522
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-21T07:00:30
<p>Information published.</p>
Chromium: CVE-2026-8574 Use after free in Core
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8574
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:21:22
<p>Information published.</p>
Chromium: CVE-2026-9116 Insufficient policy enforcement in ServiceWorker
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.83</td>
<td>05/21/2026</td>
<td>148.0.7778.180</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9116
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.83
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-21T21:43:42
<p>Information published.</p>
Chromium: CVE-2026-9117 Type Confusion in GFX
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.83</td>
<td>05/21/2026</td>
<td>148.0.7778.180</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9117
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.83
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-21T21:43:43
<p>Information published.</p>
Chromium: CVE-2026-9118 Use after free in XR
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.83</td>
<td>05/21/2026</td>
<td>148.0.7778.180</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9118
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.83
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-21T21:43:44
<p>Information published.</p>
Chromium: CVE-2026-9119 Heap buffer overflow in WebRTC
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.83</td>
<td>05/21/2026</td>
<td>148.0.7778.180</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9119
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.83
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-21T21:43:45
<p>Information published.</p>
Chromium: CVE-2026-9120 Use after free in WebRTC
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.83</td>
<td>05/21/2026</td>
<td>148.0.7778.180</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9120
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.83
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-21T21:43:46
<p>Information published.</p>
Chromium: CVE-2026-9121 Out of bounds read in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.83</td>
<td>05/21/2026</td>
<td>148.0.7778.180</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9122
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.83
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-21T21:43:50
<p>Information published.</p>
Chromium: CVE-2026-9123 Heap buffer overflow in Chromecast
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.83</td>
<td>05/21/2026</td>
<td>148.0.7778.180</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9124
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.83
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-21T21:43:52
<p>Information published.</p>
Chromium: CVE-2026-9122 Out of bounds read in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.83</td>
<td>05/21/2026</td>
<td>148.0.7778.180</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9123
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.83
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-21T21:43:51
<p>Information published.</p>
Chromium: CVE-2026-9126 Use after free in DOM
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.83</td>
<td>05/21/2026</td>
<td>148.0.7778.180</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9121
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.83
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-21T21:43:49
<p>Information published.</p>
Chromium: CVE-2026-9124 Insufficient validation of untrusted input in Input
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.83</td>
<td>05/21/2026</td>
<td>148.0.7778.180</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9126
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.83
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-21T21:43:48
<p>Information published.</p>
Chromium: CVE-2026-10003 Use after free in Views
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-10003
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:36
<p>Information published.</p>
Chromium: CVE-2026-10002 Use after free in PDFium
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-10002
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:35
<p>Information published.</p>
Chromium: CVE-2026-10004 Insufficient validation of untrusted input in Passwords
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-10004
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:37
<p>Information published.</p>
Chromium: CVE-2026-10001 Use after free in PerformanceManager
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-10001
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:34
<p>Information published.</p>
Chromium: CVE-2026-10007 Use after free in SVG
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-10007
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:40
<p>Information published.</p>
Chromium: CVE-2026-10006 Race in WebAudio
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-10006
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:39
<p>Information published.</p>
Chromium: CVE-2026-10005 Use after free in WebAppInstalls
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-10005
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:38
<p>Information published.</p>
Chromium: CVE-2026-9874 Use after free in Dawn
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9874
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:25
<p>Information published.</p>
Chromium: CVE-2026-9877 Use after free in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9877
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:28
<p>Information published.</p>
Chromium: CVE-2026-9878 Use after free in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9878
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:29
<p>Information published.</p>
Chromium: CVE-2026-9873 Use after free in Network
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9873
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:24
<p>Information published.</p>
Chromium: CVE-2026-9879 Out of bounds write in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9879
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:30
<p>Information published.</p>
Chromium: CVE-2026-9881 Use after free in Bluetooth
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9881
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:19:32
<p>Information published.</p>
Chromium: CVE-2026-9913 Inappropriate implementation in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9913
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:04
<p>Information published.</p>
Chromium: CVE-2026-9915 Heap buffer overflow in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9915
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:07
<p>Information published.</p>
Chromium: CVE-2026-9916 Out of bounds write in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9916
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:08
<p>Information published.</p>
Chromium: CVE-2026-9914 Insufficient validation of untrusted input in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9914
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:06
<p>Information published.</p>
Chromium: CVE-2026-9918 Inappropriate implementation in Tint
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9918
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:10
<p>Information published.</p>
Chromium: CVE-2026-9920 Uninitialized Use in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9920
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:12
<p>Information published.</p>
Chromium: CVE-2026-9924 Heap buffer overflow in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9924
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:16
<p>Information published.</p>
Chromium: CVE-2026-9923 Use after free in Skia
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9923
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:15
<p>Information published.</p>
Chromium: CVE-2026-9922 Use after free in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9922
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:14
<p>Information published.</p>
Chromium: CVE-2026-9925 Use after free in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9925
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:17
<p>Information published.</p>
Chromium: CVE-2026-9926 Heap buffer overflow in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9926
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:18
<p>Information published.</p>
Chromium: CVE-2026-9928 Out of bounds read in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9928
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:20
<p>Information published.</p>
Chromium: CVE-2026-9927 Use after free in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9927
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:19
<p>Information published.</p>
Chromium: CVE-2026-9930 Out of bounds write in Dawn
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9930
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:22
<p>Information published.</p>
Chromium: CVE-2026-9931 Use after free in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9931
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:23
<p>Information published.</p>
Chromium: CVE-2026-9932 Use after free in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9932
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:24
<p>Information published.</p>
Chromium: CVE-2026-9933 Use after free in Input
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9933
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:25
<p>Information published.</p>
Chromium: CVE-2026-9937 Use after free in UI
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9937
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:29
<p>Information published.</p>
Chromium: CVE-2026-9936 Use after free in GFX
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9936
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:28
<p>Information published.</p>
Chromium: CVE-2026-9935 Uninitialized Use in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9935
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:27
<p>Information published.</p>
Chromium: CVE-2026-9934 Use after free in Aura
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9934
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:26
<p>Information published.</p>
Chromium: CVE-2026-9938 Inappropriate implementation in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9938
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:30
<p>Information published.</p>
Chromium: CVE-2026-9939 Heap buffer overflow in WebCodecs
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9939
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:31
<p>Information published.</p>
Chromium: CVE-2026-9940 Heap buffer overflow in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9940
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:32
<p>Information published.</p>
Chromium: CVE-2026-9958 Use after free in PDFium
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9958
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:51
<p>Information published.</p>
Chromium: CVE-2026-9957 Use after free in PDF
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9957
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:50
<p>Information published.</p>
Chromium: CVE-2026-9960 Integer overflow in PDFium
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9960
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:53
<p>Information published.</p>
Chromium: CVE-2026-9959 Race in WebRTC
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9959
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:52
<p>Information published.</p>
Chromium: CVE-2026-10020 Insufficient validation of untrusted input in Skia
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.97</td>
<td>05/31/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-10020
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.97
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-31T07:00:54
<p>Information published.</p>
Chromium: CVE-2026-9977 Insufficient validation of untrusted input in WebShare
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.97</td>
<td>05/31/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9977
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.97
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-31T07:00:10
<p>Information published.</p>
Chromium: CVE-2026-9971 Inappropriate implementation in iOS
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.97</td>
<td>05/31/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9971
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.97
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-31T07:00:04
<p>Information published.</p>
Chromium: CVE-2026-9969 Insufficient validation of untrusted input in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.97</td>
<td>05/31/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9969
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.97
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-31T07:00:02
<p>Information published.</p>
Chromium: CVE-2026-9963 Uninitialized Use in iOS
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.97</td>
<td>05/31/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9963
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.97
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-31T07:00:56
<p>Information published.</p>
Chromium: CVE-2026-9956 Use after free in iOS
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.97</td>
<td>05/31/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9956
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.97
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-31T07:00:49
<p>Information published.</p>
Chromium: CVE-2026-9955 Inappropriate implementation in iOS
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.97</td>
<td>05/31/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9955
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.97
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-31T07:00:48
<p>Information published.</p>
Chromium: CVE-2026-9950 Insufficient validation of untrusted input in iOS
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.97</td>
<td>05/31/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9950
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.97
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-31T07:00:42
<p>Information published.</p>
Chromium: CVE-2026-9947 Use after free in XML
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.97</td>
<td>05/31/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9947
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.97
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-31T07:00:39
<p>Information published.</p>
Chromium: CVE-2026-9943 Out of bounds read in WebGL
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.97</td>
<td>05/31/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9943
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.97
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-31T07:00:35
<p>Information published.</p>
Chromium: CVE-2026-9929 Inappropriate implementation in WebGL
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.97</td>
<td>05/31/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9929
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.97
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:20:21
<p>Information published.</p>
Chromium: CVE-2026-9921 Uninitialized Use in WebGL
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.97</td>
<td>05/31/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9921
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.97
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-31T07:00:13
<p>Information published.</p>
Chromium: CVE-2026-9919 Out of bounds read in WebGL
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.97</td>
<td>05/31/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9919
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.97
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-31T07:00:11
<p>Information published.</p>
Chromium: CVE-2026-9917 Uninitialized Use in WebGL
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.97</td>
<td>05/31/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9917
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.97
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-31T07:00:09
<p>Information published.</p>
Chromium: CVE-2026-9912 Inappropriate implementation in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.97</td>
<td>05/31/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9912
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.97
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-31T07:00:03
<p>Information published.</p>
Chromium: CVE-2026-9911 Integer overflow in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.97</td>
<td>05/31/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9911
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.97
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-31T07:00:02
<p>Information published.</p>
Chromium: CVE-2026-9898 Insufficient validation of untrusted input in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.97</td>
<td>05/31/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9898
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.97
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-31T07:00:49
<p>Information published.</p>
Chromium: CVE-2026-9889 Out of bounds read and write in Dawn
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.97</td>
<td>05/31/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9889
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.97
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-31T07:00:40
<p>Information published.</p>
Chromium: CVE-2026-9888 Use after free in WebView
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.97</td>
<td>05/31/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9888
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.97
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-31T07:00:39
<p>Information published.</p>
Chromium: CVE-2026-9880 Insufficient validation of untrusted input in WebGL
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.97</td>
<td>05/31/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9880
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.97
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-31T07:00:31
<p>Information published.</p>
Chromium: CVE-2026-9876 Use after free in WebGL
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.97</td>
<td>05/31/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9876
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.97
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-31T07:00:27
<p>Information published.</p>
Chromium: CVE-2026-9875 Out of bounds read in WebGL
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.97</td>
<td>05/31/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-9875
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.97
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-31T07:00:26
<p>Information published.</p>
Microsoft Defender Elevation of Privilege Vulnerability
<p>Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
<table>
<thead>
<tr>
<th>References</th>
<th>Identification</th>
</tr>
</thead>
<tbody>
<tr>
<td>Last version of the Microsoft Malware Protection Engine affected by this vulnerability</td>
<td>1.1.26030.3008</td>
</tr>
<tr>
<td>First version of the Microsoft Malware Protection Engine with this vulnerability addressed</td>
<td>Version 1.1.26040.8</td>
</tr>
</tbody>
</table>
<p>See <a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus">Manage Updates Baselines Microsoft Defender Antivirus</a> for more information.</p>
<p><strong>Microsoft Defender is disabled in my environment, why are vulnerability scanners showing that I am vulnerable to this issue?</strong></p>
<p>Vulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Systems that have disabled Microsoft Defender are not in an exploitable state.</p>
<p><strong>Why is no action required to install this update?</strong></p>
<p>In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner.</p>
<p>For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Microsoft Malware Protection Engine are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating.</p>
<p>Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Microsoft Malware Protection Engine updates and malware definitions, is working as expected in their environment.</p>
<p><strong>How often are the Microsoft Malware Protection Engine and malware definitions updated?</strong></p>
<p>Microsoft typically releases an update for the Microsoft Malware Protection Engine once a month or as needed to protect against new threats. Microsoft also typically updates the malware definitions three times daily and can increase the frequency when needed.</p>
<p>Depending on which Microsoft antimalware software is used and how it is configured, the software may search for engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time.</p>
<p><strong>What is the Microsoft Malware Protection Engine?</strong></p>
<p>The Microsoft Malware Protection Engine, mpengine.dll, provides the scanning, detection, and cleaning capabilities for Microsoft antivirus and antispyware software.</p>
<p><strong>Windows Defender uses the Microsoft Malware Protection Engine. On which products is Defender installed and active by default?</strong></p>
<p>Defender runs on all supported version of Windows.</p>
<p><strong>Are there other products that use the Microsoft Malware Protection Engine?</strong></p>
<p>Yes, Microsoft System Center Endpoint Protection, Microsoft System Center 2012 R2 Endpoint Protection, Microsoft System Center 2012 Endpoint Protection and Microsoft Security Essentials.</p>
<p><strong>Does this update contain any additional security-related changes to functionality?</strong></p>
<p>Yes. In addition to the changes that are listed for this vulnerability, this update includes defense-in-depth updates to help improve security-related features.</p>
Microsoft Defender
Microsoft
Yes
CVE-2026-41091
Improper Link Resolution Before File Access ('Link Following')
11902
Elevation of Privilege
11902
Important
11902
Publicly Disclosed:Yes;Exploited:Yes;Latest Software Release:Exploitation Detected
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11902
Release Notes
11902
No
Security Update
1.1.26040.8
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-worldwide
11902
Release Notes
<a href="https://github.com/void2012 "> Damir Moldovanov </a>
<a href="https://www.linkedin.com/in/andrewcdorman">ACD421</a> with Hollow Point Labs
<a href="https://www.linkedin.com/in/andrewcdorman">ACD421</a> with Hollow Point Labs
Anonymous
Diffract
<a href="https://x.com/sibusisosishi">Sibusiso</a> with <a href="https://www.ironsky.co.za/">Ironsky</a>
1.0
2026-05-19T07:00:00
<p>Information published.</p>
1.1
2026-05-26T07:00:00
<p>In the Security Updates table, added links to the Release Notes. This is an informational change only.</p>
M365 Copilot Information Disclosure Vulnerability
<p>Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
M365 Copilot
Microsoft
No
CVE-2026-26129
Improper Neutralization of Special Elements
16791
Information Disclosure
16791
Critical
16791
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
16791
<a href="https://x.com/es7evam">Estevam Arantes</a> with Microsoft
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability
<p>Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Copilot Chat (Microsoft Edge)
Microsoft
No
CVE-2026-33111
Improper Neutralization of Special Elements used in a Command ('Command Injection')
21290
Information Disclosure
21290
Critical
21290
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
21290
<a href="https://www.linkedin.com/in/spandan0x50">Spandan Pokhrel</a>
1.0
2026-05-07T07:00:00
<p>Information published.</p>
M365 Copilot Information Disclosure Vulnerability
<p>Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
M365 Copilot
Microsoft
No
CVE-2026-26164
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
16791
Information Disclosure
16791
Critical
16791
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
16791
<a href="https://github.com/0xsombra">0xSombra</a>
<a href="https://x.com/es7evam">Estevam Arantes</a> with Microsoft
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Microsoft Team Events Portal Information Disclosure Vulnerability
<p>Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Microsoft Teams
Microsoft
No
CVE-2026-33823
Improper Authorization
11686
Information Disclosure
11686
Critical
11686
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
9.6
8.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C
11686
Adi Ivascu
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability
<p>Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Azure Managed Instance for Apache Cassandra
Microsoft
No
CVE-2026-33844
Improper Input Validation
12387
Remote Code Execution
12387
Critical
12387
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
9.0
7.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12387
<a href="https://twitter.com/wtm_offensi">wtm</a> with <a href="https://offensi.com/">Offensi</a>
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Microsoft Partner Center Spoofing Vulnerability
<p>Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Microsoft Partner Center
Microsoft
No
CVE-2026-34327
Externally Controlled Reference to a Resource in Another Sphere
12429
Spoofing
12429
Critical
12429
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
8.2
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C
12429
Victor van der Stoep
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Azure Cloud Shell Spoofing Vulnerability
<p>Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Azure Cloud Shell
Microsoft
No
CVE-2026-35428
Improper Neutralization of Special Elements used in a Command ('Command Injection')
21064
Spoofing
21064
Critical
21064
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
9.6
8.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
21064
Tomasz Bojarski with https://web-safety.net/
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Azure AI Foundry Elevation of Privilege Vulnerability
<p>Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Azure AI Foundry M365 published agents
Microsoft
No
CVE-2026-35435
Improper Access Control
12505
Elevation of Privilege
12505
Critical
12505
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
8.6
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
12505
Anonymous
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Azure DevOps Information Disclosure Vulnerability
<p>Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Azure DevOps
Microsoft
No
CVE-2026-42826
Exposure of Sensitive Information to an Unauthorized Actor
11998
Information Disclosure
11998
Critical
11998
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
10.0
8.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11998
Noa Royzman with Microsoft
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability
<p>Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Azure Notification Service
Microsoft
No
CVE-2026-41105
Server-Side Request Forgery (SSRF)
21302
Elevation of Privilege
21302
Critical
21302
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
8.1
7.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
21302
Anonymous
1.0
2026-05-07T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-8510 Integer overflow in Skia
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.70</td>
<td>05/15/2026</td>
<td>148.0.7778.168</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-8510
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.70
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-15T17:20:18
<p>Information published.</p>
Microsoft Planetary Computer Pro Information Disclosure Vulnerability
<p>Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Microsoft Planetary Computer Pro
Microsoft
No
CVE-2026-41104
Deserialization of Untrusted Data
21305
Information Disclosure
21305
Critical
21305
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
10.0
8.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
21305
<a href="https://twitter.com/yanir_">Yanir Tsarimi</a> with <a href="https://enclave.ai/">Enclave</a>
1.0
2026-05-21T07:00:00
<p>Information published.</p>
Microsoft Entra ID Elevation of Privilege Vulnerability
<p>Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Microsoft Entra ID
Microsoft
No
CVE-2026-42901
Origin Validation Error
12383
Elevation of Privilege
12383
Critical
12383
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
10.0
8.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12383
Thomas Knudson
Sridhar Periyasamy
1.0
2026-05-21T07:00:00
<p>Information published.</p>
Microsoft Global Secure Access (GSA) Information Disclosure Vulnerability
<p>Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Azure Entra ID
Microsoft
No
CVE-2026-23663
Improper Privilege Management
21057
Elevation of Privilege
21057
Critical
21057
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
21057
<a href="https://www.linkedin.com/in/vamsi-nukavarapu/">Vamsi Nukavarapu</a> with <a href="https://www.microsoft.com/">Microsoft</a>
Sriharsha Pallekonda with <a href="https://www.microsoft.com/">Microsoft</a>
1.0
2026-05-21T07:00:00
<p>Information published.</p>
Chromium: CVE-2026-10000 Use after free in Passwords
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>148.0.3967.96</td>
<td>05/29/2026</td>
<td>148.0.7778.216/217</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2026-10000
11655
11655
11655
Release Notes
11655
No
Security Update
148.0.3967.96
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2026-05-29T16:21:33
<p>Information published.</p>
ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl()
Mariner
Linux
Yes
CVE-2026-31706
21248-17084
21332-17084
21308-17084
21344-17084
21248-17084
21332-17084
21308-17084
21344-17084
Important
21248-17084
Important
21332-17084
Important
21308-17084
Important
21344-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21248-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21332-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21308-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21344-17084
1.0
2026-05-02T01:01:35
<p>Information published.</p>
2.0
2026-05-04T14:37:58
<p>Information published.</p>
6.0
2026-05-22T01:42:43
<p>Information published.</p>
3.0
2026-05-06T14:44:59
<p>Information published.</p>
4.0
2026-05-11T01:39:09
<p>Information published.</p>
5.0
2026-05-17T14:40:04
<p>Information published.</p>
usb: gadget: f_subset: Fix net_device lifecycle with device_move
Mariner
Linux
Yes
CVE-2026-31723
21248-17084
21308-17084
21332-17084
21344-17084
21248-17084
21308-17084
21332-17084
21344-17084
Important
21248-17084
Important
21308-17084
Important
21332-17084
Important
21344-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21248-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21308-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21332-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21344-17084
1.0
2026-05-02T01:01:41
<p>Information published.</p>
2.0
2026-05-04T14:38:03
<p>Information published.</p>
6.0
2026-05-19T01:41:00
<p>Information published.</p>
3.0
2026-05-06T14:45:32
<p>Information published.</p>
4.0
2026-05-11T01:39:18
<p>Information published.</p>
5.0
2026-05-17T14:40:13
<p>Information published.</p>
usb: gadget: f_eem: Fix net_device lifecycle with device_move
Mariner
Linux
Yes
CVE-2026-31724
21248-17084
21332-17084
21308-17084
21344-17084
21248-17084
21332-17084
21308-17084
21344-17084
Important
21248-17084
Important
21332-17084
Important
21308-17084
Important
21344-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21248-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21332-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21308-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21344-17084
1.0
2026-05-02T01:01:46
<p>Information published.</p>
2.0
2026-05-04T14:38:09
<p>Information published.</p>
4.0
2026-05-11T01:39:26
<p>Information published.</p>
6.0
2026-05-19T01:41:08
<p>Information published.</p>
3.0
2026-05-06T14:45:40
<p>Information published.</p>
5.0
2026-05-17T14:40:22
<p>Information published.</p>
net: use skb_header_pointer() for TCPv4 GSO frag_off check
Mariner
Linux
Yes
CVE-2026-43036
21248-17084
21308-17084
21332-17084
21344-17084
21248-17084
21308-17084
21332-17084
21344-17084
Moderate
21248-17084
Moderate
21308-17084
Moderate
21332-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21248-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-02T01:02:14
<p>Information published.</p>
4.0
2026-05-11T01:40:07
<p>Information published.</p>
2.0
2026-05-04T14:38:38
<p>Information published.</p>
3.0
2026-05-06T14:46:24
<p>Information published.</p>
5.0
2026-05-17T14:41:12
<p>Information published.</p>
gpib: fix use-after-free in IO ioctl handlers
Mariner
Linux
Yes
CVE-2026-31769
21248-17084
21248-17084
21248-17084
1.0
2026-05-02T01:02:20
<p>Information published.</p>
ksmbd: validate response sizes in ipc_validate_msg()
Mariner
Linux
Yes
CVE-2026-31707
21248-17084
21332-17084
21308-17084
21344-17084
21248-17084
21332-17084
21308-17084
21344-17084
Important
21248-17084
Important
21332-17084
Important
21308-17084
Important
21344-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
21248-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
21332-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
21308-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
21344-17084
1.0
2026-05-02T01:02:25
<p>Information published.</p>
4.0
2026-05-11T01:40:16
<p>Information published.</p>
6.0
2026-05-22T01:43:04
<p>Information published.</p>
2.0
2026-05-04T14:38:43
<p>Information published.</p>
3.0
2026-05-06T14:46:33
<p>Information published.</p>
5.0
2026-05-17T14:41:22
<p>Information published.</p>
mpls: add seqcount to protect the platform_label{,s} pair
Mariner
Linux
Yes
CVE-2026-43042
21248-17084
21332-17084
21308-17084
21344-17084
21248-17084
21332-17084
21308-17084
21344-17084
Important
21248-17084
Important
21332-17084
Important
21308-17084
Moderate
21344-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
21248-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
21332-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-02T01:02:47
<p>Information published.</p>
2.0
2026-05-04T14:39:01
<p>Information published.</p>
4.0
2026-05-11T01:40:41
<p>Information published.</p>
5.1
2026-05-22T01:43:18
<p>Information published.</p>
3.0
2026-05-06T14:46:59
<p>Information published.</p>
5.0
2026-05-17T14:41:53
<p>Information published.</p>
Bluetooth: hci_event: move wake reason storage into validated event handlers
Mariner
Linux
Yes
CVE-2026-31771
21308-17084
21332-17084
21248-17084
21344-17084
21308-17084
21332-17084
21248-17084
21344-17084
Important
21308-17084
Important
21332-17084
Important
21248-17084
Moderate
21344-17084
8.1
8.1
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
21308-17084
8.1
8.1
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
21332-17084
8.1
8.1
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
21248-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-02T01:02:53
<p>Information published.</p>
2.0
2026-05-04T14:39:07
<p>Information published.</p>
3.0
2026-05-06T14:47:09
<p>Information published.</p>
4.0
2026-05-11T01:40:50
<p>Information published.</p>
5.0
2026-05-17T14:42:03
<p>Information published.</p>
5.1
2026-05-22T01:43:25
<p>Information published.</p>
wifi: mac80211: check tdls flag in ieee80211_tdls_oper
Mariner
Linux
Yes
CVE-2026-43052
21248-17084
21332-17084
21308-17084
21344-17084
21248-17084
21332-17084
21308-17084
21344-17084
Important
21248-17084
Important
21332-17084
Important
21308-17084
Moderate
21344-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
21248-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
21332-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-02T01:02:58
<p>Information published.</p>
2.0
2026-05-04T14:39:12
<p>Information published.</p>
4.0
2026-05-11T01:40:59
<p>Information published.</p>
5.1
2026-05-22T01:43:32
<p>Information published.</p>
3.0
2026-05-06T14:47:18
<p>Information published.</p>
5.0
2026-05-17T14:42:14
<p>Information published.</p>
smb: client: validate the whole DACL before rewriting it in cifsacl
Mariner
Linux
Yes
CVE-2026-31709
21248-17084
21308-17084
21332-17084
21344-17084
21248-17084
21308-17084
21332-17084
21344-17084
Important
21248-17084
Important
21308-17084
Important
21332-17084
Important
21344-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
21248-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
21308-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
21332-17084
7.8
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
21344-17084
1.0
2026-05-02T01:03:04
<p>Information published.</p>
2.0
2026-05-04T14:39:18
<p>Information published.</p>
4.0
2026-05-11T01:41:07
<p>Information published.</p>
5.1
2026-05-22T01:43:40
<p>Information published.</p>
3.0
2026-05-06T14:47:26
<p>Information published.</p>
5.0
2026-05-17T14:42:23
<p>Information published.</p>
Bluetooth: hci_sync: fix leaks when hci_cmd_sync_queue_once fails
Mariner
Linux
Yes
CVE-2026-43021
21248-17084
21248-17084
21248-17084
1.0
2026-05-02T01:03:09
<p>Information published.</p>
bpf: Reject sleepable kprobe_multi programs at attach time
Mariner
Linux
Yes
CVE-2026-43010
21248-17084
21332-17084
21308-17084
21344-17084
21248-17084
21332-17084
21308-17084
21344-17084
Moderate
21248-17084
Moderate
21332-17084
Moderate
21308-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21248-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-02T01:03:20
<p>Information published.</p>
2.0
2026-05-04T14:39:29
<p>Information published.</p>
3.0
2026-05-06T14:47:43
<p>Information published.</p>
4.0
2026-05-11T01:41:24
<p>Information published.</p>
5.0
2026-05-17T14:42:41
<p>Information published.</p>
mshv: Fix error handling in mshv_region_pin
Mariner
Linux
Yes
CVE-2026-43045
21248-17084
21248-17084
21248-17084
1.0
2026-05-02T01:03:37
<p>Information published.</p>
usb: gadget: f_hid: move list and spinlock inits from bind to alloc
Mariner
Linux
Yes
CVE-2026-31721
21248-17084
21248-17084
Important
21248-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21248-17084
CBL-Mariner Releases
21248-17084
No
Security Update
6.6.137.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21248-17084
CBL-Mariner Releases
1.0
2026-05-02T01:03:59
<p>Information published.</p>
2.0
2026-05-02T14:40:16
<p>Information published.</p>
2.1
2026-05-04T14:40:05
<p>Information published.</p>
3.0
2026-05-19T01:41:59
<p>Information published.</p>
smb: server: fix active_num_conn leak on transport allocation failure
Mariner
Linux
Yes
CVE-2026-31711
21248-17084
21248-17084
Important
21248-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
21248-17084
CBL-Mariner Releases
21248-17084
No
Security Update
6.6.137.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21248-17084
CBL-Mariner Releases
1.0
2026-05-02T01:04:04
<p>Information published.</p>
2.1
2026-05-04T14:40:11
<p>Information published.</p>
2.0
2026-05-02T14:40:23
<p>Information published.</p>
crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed
Mariner
Linux
Yes
CVE-2026-31699
21248-17084
21248-17084
Important
21248-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
21248-17084
CBL-Mariner Releases
21248-17084
No
Security Update
6.6.137.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21248-17084
CBL-Mariner Releases
1.0
2026-05-02T01:04:10
<p>Information published.</p>
2.1
2026-05-04T14:40:17
<p>Information published.</p>
2.0
2026-05-02T14:40:30
<p>Information published.</p>
fuse: reject oversized dirents in page cache
Mariner
Linux
Yes
CVE-2026-31694
21248-17084
21248-17084
Important
21248-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21248-17084
CBL-Mariner Releases
21248-17084
No
Security Update
6.6.137.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21248-17084
CBL-Mariner Releases
1.0
2026-05-02T01:04:15
<p>Information published.</p>
2.1
2026-05-04T14:40:23
<p>Information published.</p>
2.0
2026-05-02T14:40:37
<p>Information published.</p>
ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment
Mariner
Linux
Yes
CVE-2026-31705
21248-17084
21248-17084
Critical
21248-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
21248-17084
CBL-Mariner Releases
21248-17084
No
Security Update
6.6.137.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21248-17084
CBL-Mariner Releases
1.0
2026-05-02T01:04:21
<p>Information published.</p>
2.0
2026-05-02T14:40:43
<p>Information published.</p>
2.1
2026-05-04T14:40:30
<p>Information published.</p>
crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption
Mariner
Linux
Yes
CVE-2026-43033
21248-17084
21248-17084
Important
21248-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21248-17084
CBL-Mariner Releases
21248-17084
No
Security Update
6.6.137.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21248-17084
CBL-Mariner Releases
1.0
2026-05-02T01:04:26
<p>Information published.</p>
2.0
2026-05-02T14:40:50
<p>Information published.</p>
2.1
2026-05-04T14:40:36
<p>Information published.</p>
rxrpc: Fix missing validation of ticket length in non-XDR key preparsing
Mariner
Linux
Yes
CVE-2026-31696
21248-17084
21248-17084
Moderate
21248-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21248-17084
CBL-Mariner Releases
21248-17084
No
Security Update
6.6.137.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21248-17084
CBL-Mariner Releases
1.0
2026-05-02T01:04:32
<p>Information published.</p>
2.1
2026-05-04T14:40:43
<p>Information published.</p>
2.0
2026-05-02T14:40:57
<p>Information published.</p>
ksmbd: use check_add_overflow() to prevent u16 DACL size overflow
Mariner
Linux
Yes
CVE-2026-31704
21248-17084
21248-17084
Important
21248-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
21248-17084
CBL-Mariner Releases
21248-17084
No
Security Update
6.6.137.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21248-17084
CBL-Mariner Releases
1.0
2026-05-02T01:04:42
<p>Information published.</p>
2.0
2026-05-02T14:41:10
<p>Information published.</p>
2.1
2026-05-04T14:40:55
<p>Information published.</p>
3.0
2026-05-19T01:42:08
<p>Information published.</p>
f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io()
Mariner
Linux
Yes
CVE-2026-31702
21248-17084
21248-17084
Important
21248-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21248-17084
CBL-Mariner Releases
21248-17084
No
Security Update
6.6.137.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21248-17084
CBL-Mariner Releases
1.0
2026-05-02T01:04:48
<p>Information published.</p>
2.1
2026-05-04T14:41:01
<p>Information published.</p>
3.0
2026-05-19T01:42:17
<p>Information published.</p>
2.0
2026-05-02T14:41:17
<p>Information published.</p>
net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd()
Mariner
Linux
Yes
CVE-2026-31700
21248-17084
21248-17084
Important
21248-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21248-17084
CBL-Mariner Releases
21248-17084
No
Security Update
6.6.137.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21248-17084
CBL-Mariner Releases
1.0
2026-05-02T01:04:59
<p>Information published.</p>
2.1
2026-05-04T14:41:14
<p>Information published.</p>
2.0
2026-05-02T14:41:31
<p>Information published.</p>
ip6_tunnel: clear skb2->cb[] in ip4ip6_err()
Mariner
Linux
Yes
CVE-2026-43037
21093-17086
21093-17086
Important
21093-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
21093-17086
1.0
2026-05-06T01:01:29
<p>Information published.</p>
CoreDNS TSIG authentication bypass on encrypted DNS transports
Mariner
GitHub_M
Yes
CVE-2026-33190
Incorrect Implementation of Authentication Algorithm
21180-17084
21180-17084
Important
21180-17084
CBL-Mariner Releases
21180-17084
No
Security Update
1.11.4-16
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21180-17084
CBL-Mariner Releases
1.0
2026-05-07T01:02:32
<p>Information published.</p>
2.0
2026-05-15T14:39:52
<p>Information published.</p>
CoreDNS DoH GET path missing size validation causes CPU and memory amplification
Mariner
GitHub_M
Yes
CVE-2026-32936
Uncontrolled Resource Consumption
21180-17084
21180-17084
Important
21180-17084
CBL-Mariner Releases
21180-17084
No
Security Update
1.11.4-16
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21180-17084
CBL-Mariner Releases
1.0
2026-05-07T01:02:48
<p>Information published.</p>
2.0
2026-05-15T14:40:06
<p>Information published.</p>
Prometheus: remote read endpoint allows denial of service via crafted snappy payload
Mariner
GitHub_M
Yes
CVE-2026-42154
Uncontrolled Resource Consumption
21009-17086
21258-17084
21009-17086
21258-17084
Important
21009-17086
Moderate
21258-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
21009-17086
7.5
6.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U
21258-17084
CBL-Mariner Releases
21258-17084
No
Security Update
1.31.0-20
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21258-17084
CBL-Mariner Releases
1.0
2026-05-07T01:03:58
<p>Information published.</p>
2.0
2026-05-13T01:05:57
<p>Information published.</p>
3.0
2026-05-15T14:41:52
<p>Information published.</p>
vhost: move vdpa group bound check to vhost_vdpa
Mariner
Linux
Yes
CVE-2026-43248
21332-17084
21308-17084
21344-17084
21332-17084
21308-17084
21344-17084
Moderate
21332-17084
Moderate
21308-17084
Moderate
21344-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U
21332-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-07T01:04:12
<p>Information published.</p>
2.0
2026-05-08T01:42:58
<p>Information published.</p>
3.0
2026-05-11T01:42:28
<p>Information published.</p>
4.1
2026-05-22T01:44:43
<p>Information published.</p>
1.1
2026-05-07T14:38:55
<p>Information published.</p>
4.0
2026-05-17T14:43:39
<p>Information published.</p>
ntfs3: fix circular locking dependency in run_unpack_ex
Mariner
Linux
Yes
CVE-2026-43127
21308-17084
21332-17084
21344-17084
21308-17084
21332-17084
21344-17084
Moderate
21308-17084
Moderate
21332-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
2.0
2026-05-07T14:39:21
<p>Information published.</p>
3.0
2026-05-11T01:43:02
<p>Information published.</p>
1.0
2026-05-07T01:04:54
<p>Information published.</p>
4.0
2026-05-17T14:44:11
<p>Information published.</p>
4.1
2026-05-22T01:44:52
<p>Information published.</p>
iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode
Mariner
Linux
Yes
CVE-2026-43161
21308-17084
21332-17084
21344-17084
21308-17084
21332-17084
21344-17084
Moderate
21308-17084
Moderate
21332-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21308-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-07T01:05:01
<p>Information published.</p>
1.1
2026-05-07T14:39:26
<p>Information published.</p>
4.1
2026-05-22T01:44:59
<p>Information published.</p>
2.0
2026-05-08T01:43:14
<p>Information published.</p>
3.0
2026-05-11T01:43:12
<p>Information published.</p>
4.0
2026-05-17T14:44:19
<p>Information published.</p>
ntfs: ->d_compare() must not block
Mariner
Linux
Yes
CVE-2026-43245
21308-17084
21332-17084
21344-17084
21308-17084
21332-17084
21344-17084
Moderate
21308-17084
Moderate
21332-17084
Moderate
21344-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U
21308-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-07T01:05:48
<p>Information published.</p>
1.1
2026-05-07T14:39:36
<p>Information published.</p>
2.0
2026-05-08T01:43:24
<p>Information published.</p>
3.0
2026-05-11T01:43:28
<p>Information published.</p>
4.1
2026-05-22T01:45:13
<p>Information published.</p>
4.0
2026-05-17T14:44:36
<p>Information published.</p>
ASoC: SOF: Intel: hda: Fix NULL pointer dereference
Mariner
Linux
Yes
CVE-2026-43137
21308-17084
21332-17084
21344-17084
21308-17084
21332-17084
21344-17084
Moderate
21308-17084
Moderate
21332-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-07T01:06:02
<p>Information published.</p>
2.0
2026-05-07T14:39:46
<p>Information published.</p>
3.0
2026-05-11T01:43:37
<p>Information published.</p>
4.0
2026-05-17T14:44:45
<p>Information published.</p>
team: avoid NETDEV_CHANGEMTU event when unregistering slave
Mariner
Linux
Yes
CVE-2026-43234
21308-17084
21332-17084
21344-17084
21308-17084
21332-17084
21344-17084
Moderate
21308-17084
Moderate
21332-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-07T01:06:17
<p>Information published.</p>
2.0
2026-05-07T14:39:56
<p>Information published.</p>
3.0
2026-05-11T01:43:53
<p>Information published.</p>
4.0
2026-05-17T14:45:01
<p>Information published.</p>
ksmbd: fix signededness bug in smb_direct_prepare_negotiation()
Mariner
Linux
Yes
CVE-2026-43185
21308-17084
21332-17084
21344-17084
21308-17084
21332-17084
21344-17084
Moderate
21308-17084
Moderate
21332-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-07T01:06:52
<p>Information published.</p>
2.0
2026-05-07T14:40:11
<p>Information published.</p>
3.0
2026-05-11T01:44:27
<p>Information published.</p>
4.0
2026-05-17T14:45:33
<p>Information published.</p>
5.0
2026-05-19T01:45:49
<p>Information published.</p>
wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()
Mariner
Linux
Yes
CVE-2025-71273
21308-17084
21332-17084
21344-17084
21308-17084
21332-17084
21344-17084
Moderate
21308-17084
Moderate
21332-17084
Moderate
21344-17084
5.3
4.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U
21308-17084
5.3
4.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-07T01:06:59
<p>Information published.</p>
1.1
2026-05-07T14:40:16
<p>Information published.</p>
4.1
2026-05-22T01:45:44
<p>Information published.</p>
2.0
2026-05-08T01:43:50
<p>Information published.</p>
3.0
2026-05-11T01:44:35
<p>Information published.</p>
4.0
2026-05-17T14:45:41
<p>Information published.</p>
xfs: remove xfs_attr_leaf_hasname
Mariner
Linux
Yes
CVE-2026-43153
21308-17084
21332-17084
21344-17084
21308-17084
21332-17084
21344-17084
Moderate
21308-17084
Moderate
21332-17084
Moderate
21344-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U
21308-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-07T01:07:17
<p>Information published.</p>
1.1
2026-05-07T14:40:21
<p>Information published.</p>
4.1
2026-05-22T01:46:04
<p>Information published.</p>
2.0
2026-05-08T01:43:55
<p>Information published.</p>
3.0
2026-05-11T01:44:59
<p>Information published.</p>
4.0
2026-05-17T14:46:06
<p>Information published.</p>
netfilter: ctnetlink: ensure safe access to master conntrack
Mariner
Linux
Yes
CVE-2026-43116
21308-17084
21332-17084
21344-17084
21308-17084
21332-17084
21344-17084
Moderate
21308-17084
Moderate
21332-17084
Moderate
21344-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U
21308-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-07T01:07:28
<p>Information published.</p>
1.1
2026-05-07T14:40:36
<p>Information published.</p>
2.0
2026-05-08T01:44:02
<p>Information published.</p>
4.1
2026-05-22T01:46:14
<p>Information published.</p>
3.0
2026-05-11T01:45:16
<p>Information published.</p>
4.0
2026-05-17T14:46:21
<p>Information published.</p>
kcm: fix zero-frag skb in frag_list on partial sendmsg error
Mariner
Linux
Yes
CVE-2026-43244
21308-17084
21332-17084
21344-17084
21308-17084
21332-17084
21344-17084
Moderate
21308-17084
Moderate
21332-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-07T01:07:39
<p>Information published.</p>
2.0
2026-05-07T14:40:46
<p>Information published.</p>
3.0
2026-05-11T01:45:25
<p>Information published.</p>
4.0
2026-05-17T14:46:30
<p>Information published.</p>
drm/amd/display: Adjust PHY FSM transition to TX_EN-to-PLL_ON for TMDS on DCN35
Mariner
Linux
Yes
CVE-2026-43191
21308-17084
21308-17084
Moderate
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
CBL-Mariner Releases
21308-17084
No
Security Update
6.6.137.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21308-17084
CBL-Mariner Releases
1.0
2026-05-07T01:07:44
<p>Information published.</p>
3.0
2026-05-09T14:38:41
<p>Information published.</p>
2.0
2026-05-07T14:40:51
<p>Information published.</p>
most: core: fix resource leak in most_register_interface error paths
Mariner
Linux
Yes
CVE-2025-71272
21308-17084
21332-17084
21344-17084
21308-17084
21332-17084
21344-17084
Moderate
21308-17084
Moderate
21332-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-07T01:08:55
<p>Information published.</p>
2.0
2026-05-07T14:41:46
<p>Information published.</p>
5.0
2026-05-19T01:46:01
<p>Information published.</p>
3.0
2026-05-11T01:46:23
<p>Information published.</p>
4.0
2026-05-17T14:47:28
<p>Information published.</p>
xmldom: Denial of service via uncontrolled recursion in XML serialization
Mariner
GitHub_M
Yes
CVE-2026-41673
Uncontrolled Recursion
19693-17084
19693-17084
Important
19693-17084
2.0
2026-05-19T01:49:02
<p>Information published.</p>
1.0
2026-05-08T01:01:40
<p>Information published.</p>
fs: init flags_valid before calling vfs_fileattr_get
Mariner
Linux
Yes
CVE-2026-43474
21308-17084
21308-17084
21308-17084
CBL-Mariner Releases
21308-17084
No
Security Update
6.6.138.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21308-17084
CBL-Mariner Releases
1.0
2026-05-09T01:01:17
<p>Information published.</p>
2.0
2026-05-11T01:47:52
<p>Information published.</p>
drm/panthor: fix for dma-fence safe access rules
Mariner
Linux
Yes
CVE-2025-71302
21308-17084
21308-17084
21308-17084
CBL-Mariner Releases
21308-17084
No
Security Update
6.6.138.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21308-17084
CBL-Mariner Releases
1.0
2026-05-09T01:01:28
<p>Information published.</p>
2.0
2026-05-11T01:48:12
<p>Information published.</p>
md raid: fix hang when stopping arrays with metadata through dm-raid
Mariner
Linux
Yes
CVE-2026-43309
21308-17084
21332-17084
21344-17084
21308-17084
21332-17084
21344-17084
Moderate
21308-17084
Moderate
21332-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
2.0
2026-05-11T01:48:28
<p>Information published.</p>
1.0
2026-05-09T01:01:39
<p>Information published.</p>
3.0
2026-05-17T14:49:11
<p>Information published.</p>
drm/amd/display: Fix dsc eDP issue
Mariner
Linux
Yes
CVE-2026-43320
21308-17084
21308-17084
21308-17084
CBL-Mariner Releases
21308-17084
No
Security Update
6.6.138.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21308-17084
CBL-Mariner Releases
1.0
2026-05-09T01:02:18
<p>Information published.</p>
2.0
2026-05-11T01:49:27
<p>Information published.</p>
drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove()
Mariner
Linux
Yes
CVE-2026-43300
21308-17084
21308-17084
Moderate
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
CBL-Mariner Releases
21308-17084
No
Security Update
6.6.138.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21308-17084
CBL-Mariner Releases
2.0
2026-05-11T01:49:15
<p>Information published.</p>
1.0
2026-05-09T01:02:07
<p>Information published.</p>
bpf: crypto: Use the correct destructor kfunc type
Mariner
Linux
Yes
CVE-2026-43306
21308-17084
21308-17084
Moderate
21308-17084
7.0
6.4
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
21308-17084
CBL-Mariner Releases
21308-17084
No
Security Update
6.6.138.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21308-17084
CBL-Mariner Releases
1.0
2026-05-09T01:02:24
<p>Information published.</p>
2.0
2026-05-11T01:49:37
<p>Information published.</p>
ASoC: amd: acp-mach-common: Add missing error check for clock acquisition
Mariner
Linux
Yes
CVE-2026-43443
21308-17084
21332-17084
21344-17084
21308-17084
21332-17084
21344-17084
21308-17084
21332-17084
21344-17084
1.0
2026-05-09T01:02:29
<p>Information published.</p>
4.0
2026-05-19T01:49:26
<p>Information published.</p>
2.0
2026-05-11T01:49:46
<p>Information published.</p>
3.0
2026-05-17T14:49:43
<p>Information published.</p>
x86/kexec: Disable KCOV instrumentation after load_segments()
Mariner
Linux
Yes
CVE-2026-43331
21308-17084
21332-17084
21344-17084
21308-17084
21332-17084
21344-17084
21308-17084
21332-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-09T01:02:13
<p>Information published.</p>
3.1
2026-05-22T01:47:50
<p>Information published.</p>
2.0
2026-05-11T14:41:15
<p>Information published.</p>
3.0
2026-05-17T14:49:35
<p>Information published.</p>
spi: spidev: fix lock inversion between spi_lock and buf_lock
Mariner
Linux
Yes
CVE-2026-43319
21308-17084
21332-17084
21344-17084
21308-17084
21332-17084
21344-17084
21308-17084
21332-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
3.1
2026-05-22T01:47:57
<p>Information published.</p>
1.0
2026-05-09T01:02:40
<p>Information published.</p>
2.0
2026-05-11T01:50:03
<p>Information published.</p>
3.0
2026-05-17T14:49:59
<p>Information published.</p>
mm/page_alloc: clear page->private in free_pages_prepare()
Mariner
Linux
Yes
CVE-2026-43303
21332-17084
21308-17084
21344-17084
21332-17084
21308-17084
21344-17084
Moderate
21332-17084
Moderate
21308-17084
Moderate
21344-17084
7.0
6.4
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
21332-17084
7.0
6.4
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-09T01:02:46
<p>Information published.</p>
2.0
2026-05-11T14:41:43
<p>Information published.</p>
3.1
2026-05-22T01:48:02
<p>Information published.</p>
3.0
2026-05-17T14:50:07
<p>Information published.</p>
perf/x86/intel/uncore: Fix die ID init and look up bugs
Mariner
Linux
Yes
CVE-2026-43344
21308-17084
21332-17084
21344-17084
21308-17084
21332-17084
21344-17084
21308-17084
Moderate
21332-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-09T01:02:52
<p>Information published.</p>
2.0
2026-05-11T01:50:11
<p>Information published.</p>
3.0
2026-05-12T14:38:18
<p>Information published.</p>
4.0
2026-05-17T14:50:15
<p>Information published.</p>
drm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast path
Mariner
Linux
Yes
CVE-2026-43305
21308-17084
21308-17084
Moderate
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
CBL-Mariner Releases
21308-17084
No
Security Update
6.6.138.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21308-17084
CBL-Mariner Releases
1.0
2026-05-09T01:03:08
<p>Information published.</p>
2.0
2026-05-11T01:50:40
<p>Information published.</p>
media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC
Mariner
Linux
Yes
CVE-2026-43310
21308-17084
21332-17084
21344-17084
21308-17084
21332-17084
21344-17084
Moderate
21308-17084
Moderate
21332-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
4.0
2026-05-19T01:38:58
<p>Information published.</p>
1.0
2026-05-09T01:03:30
<p>Information published.</p>
2.0
2026-05-11T01:51:15
<p>Information published.</p>
3.0
2026-05-17T14:50:49
<p>Information published.</p>
drm/amdgpu: add upper bound check on user inputs in signal ioctl
Mariner
Linux
Yes
CVE-2026-43400
21308-17084
21308-17084
21308-17084
CBL-Mariner Releases
21308-17084
No
Security Update
6.6.138.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21308-17084
CBL-Mariner Releases
2.0
2026-05-11T01:51:07
<p>Information published.</p>
1.0
2026-05-09T01:03:25
<p>Information published.</p>
mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node
Mariner
Linux
Yes
CVE-2026-43292
21308-17084
21308-17084
Moderate
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
CBL-Mariner Releases
21308-17084
No
Security Update
6.6.138.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21308-17084
CBL-Mariner Releases
2.0
2026-05-11T01:51:43
<p>Information published.</p>
1.0
2026-05-09T01:03:47
<p>Information published.</p>
drm/amdgpu: add upper bound check on user inputs in wait ioctl
Mariner
Linux
Yes
CVE-2026-43398
21308-17084
21308-17084
21308-17084
CBL-Mariner Releases
21308-17084
No
Security Update
6.6.138.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21308-17084
CBL-Mariner Releases
1.0
2026-05-09T01:03:53
<p>Information published.</p>
2.0
2026-05-11T01:51:52
<p>Information published.</p>
soc/tegra: pmc: Fix unsafe generic_handle_irq() call
Mariner
Linux
Yes
CVE-2026-43311
21308-17084
21332-17084
21344-17084
21308-17084
21332-17084
21344-17084
Moderate
21308-17084
Moderate
21332-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
2.0
2026-05-11T01:52:01
<p>Information published.</p>
1.0
2026-05-09T01:03:58
<p>Information published.</p>
3.0
2026-05-17T14:51:13
<p>Information published.</p>
usb: gadget: f_ncm: Fix net_device lifecycle with device_move
Mariner
Linux
Yes
CVE-2026-43421
21308-17084
21332-17084
21344-17084
21308-17084
21332-17084
21344-17084
21308-17084
21332-17084
21344-17084
1.0
2026-05-09T01:04:04
<p>Information published.</p>
4.0
2026-05-19T01:39:13
<p>Information published.</p>
2.0
2026-05-11T01:52:10
<p>Information published.</p>
3.0
2026-05-17T14:51:21
<p>Information published.</p>
btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref()
Mariner
Linux
Yes
CVE-2026-43308
21308-17084
21332-17084
21344-17084
21308-17084
21332-17084
21344-17084
Moderate
21308-17084
Moderate
21332-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-09T01:04:09
<p>Information published.</p>
2.0
2026-05-11T01:52:20
<p>Information published.</p>
3.0
2026-05-18T01:39:12
<p>Information published.</p>
Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying a crafted UPDATE message.
Mariner
mitre
Yes
CVE-2026-37458
Improper Input Validation
21317-17084
21317-17084
Moderate
21317-17084
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21317-17084
2.0
2026-05-19T01:39:20
<p>Information published.</p>
1.0
2026-05-09T01:04:15
<p>Information published.</p>
net-imap: Denial of service via high iteration count for `SCRAM-*` authentication
Mariner
GitHub_M
Yes
CVE-2026-42256
Use of Blocking Code in Single-threaded, Non-blocking Context
21312-17084
21312-17084
Moderate
21312-17084
2.0
2026-05-11T14:47:44
<p>Information published.</p>
3.0
2026-05-19T01:40:04
<p>Information published.</p>
1.0
2026-05-11T01:03:12
<p>Information published.</p>
net-imap vulnerable to STARTTLS stripping via invalid response timing
Mariner
GitHub_M
Yes
CVE-2026-42246
Missing Report of Error Condition
21312-17084
21312-17084
Important
21312-17084
3.0
2026-05-19T01:40:10
<p>Information published.</p>
1.0
2026-05-11T01:03:17
<p>Information published.</p>
2.0
2026-05-11T14:47:49
<p>Information published.</p>
In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.
Mariner
mitre
Yes
CVE-2026-45186
Inefficient Algorithmic Complexity
21119-17084
21100-17084
21279-17084
21119-17084
21100-17084
21279-17084
Low
21119-17084
Low
21100-17084
Low
21279-17084
2.9
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
21119-17084
2.9
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
21100-17084
2.9
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
21279-17084
2.0
2026-05-11T14:47:54
<p>Information published.</p>
3.0
2026-05-13T01:03:56
<p>Information published.</p>
4.0
2026-05-19T01:40:24
<p>Information published.</p>
1.0
2026-05-11T01:03:23
<p>Information published.</p>
drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode
Mariner
Linux
Yes
CVE-2026-31767
21332-17084
21344-17084
21332-17084
21344-17084
Moderate
21332-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
4.4
4.4
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-13T01:01:53
<p>Information published.</p>
2.0
2026-05-17T14:51:46
<p>Information published.</p>
2.1
2026-05-22T01:38:50
<p>Information published.</p>
9p/xen: protect xen_9pfs_front_free against concurrent calls
Mariner
Linux
Yes
CVE-2026-43249
21332-17084
21344-17084
21332-17084
21344-17084
Important
21332-17084
Moderate
21344-17084
8.8
8.8
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
21332-17084
6.3
6.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
21344-17084
1.0
2026-05-13T01:01:58
<p>Information published.</p>
2.1
2026-05-22T01:38:59
<p>Information published.</p>
2.0
2026-05-17T14:51:54
<p>Information published.</p>
Type confusion and heap-buffer-overflow in Qt SVG marker handling causing application crash
Mariner
TQtC
Yes
CVE-2026-6210
Access of Resource Using Incompatible Type ('Type Confusion')
21335-17084
21335-17084
Important
21335-17084
1.0
2026-05-13T01:05:53
<p>Information published.</p>
2.0
2026-05-19T01:45:29
<p>Information published.</p>
Mako: Path traversal via backslash URI on Windows in TemplateLookup
Mariner
GitHub_M
Yes
CVE-2026-44307
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
21311-17084
21311-17084
Important
21311-17084
1.0
2026-05-14T01:01:26
<p>Information published.</p>
wrong reuse of SMB connection
Mariner
curl
Yes
CVE-2026-5773
21207-17084
21207-17084
Moderate
21207-17084
7.5
6.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U
21207-17084
1.0
2026-05-14T01:03:14
<p>Information published.</p>
2.0
2026-05-19T01:47:13
<p>Information published.</p>
Gnutls: gnutls: security bypass due to incorrect name constraint handling
Mariner
redhat
Yes
CVE-2026-42011
Improper Certificate Validation
20911-17084
20911-17084
Moderate
20911-17084
7.4
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U
20911-17084
2.0
2026-05-19T01:47:48
<p>Information published.</p>
1.0
2026-05-15T01:02:12
<p>Information published.</p>
libyang: lyb_read_string() integer overflow → heap buffer overflow
Mariner
GitHub_M
Yes
CVE-2026-44673
Integer Overflow or Wraparound
21339-17084
21339-17084
Important
21339-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
21339-17084
CBL-Mariner Releases
21339-17084
No
Security Update
2.1.148-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21339-17084
CBL-Mariner Releases
2.0
2026-05-23T01:44:35
<p>Information published.</p>
1.0
2026-05-16T01:03:48
<p>Information published.</p>
PostgreSQL discloses MD5-hashed passwords via covert timing channel
Mariner
PostgreSQL
Yes
CVE-2026-6478
Covert Timing Channel
21340-17084
21340-17084
Moderate
21340-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
21340-17084
CBL-Mariner Releases
21340-17084
No
Security Update
16.14-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21340-17084
CBL-Mariner Releases
1.0
2026-05-16T01:03:55
<p>Information published.</p>
2.0
2026-05-17T14:39:05
<p>Information published.</p>
PostgreSQL server undersizes allocations, via integer wraparound
Mariner
PostgreSQL
Yes
CVE-2026-6473
Integer Overflow or Wraparound
21249-17084
21340-17084
21249-17084
21340-17084
Important
21249-17084
Important
21340-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21249-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21340-17084
CBL-Mariner Releases
21340-17084
No
Security Update
16.14-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21340-17084
CBL-Mariner Releases
3.0
2026-05-19T01:02:09
<p>Information published.</p>
1.0
2026-05-16T01:04:00
<p>Information published.</p>
2.0
2026-05-17T14:39:18
<p>Information published.</p>
PostgreSQL REFRESH PUBLICATION allows SQL injection via table name
Mariner
PostgreSQL
Yes
CVE-2026-6638
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
21340-17084
21340-17084
Low
21340-17084
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
21340-17084
CBL-Mariner Releases
21340-17084
No
Security Update
16.14-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21340-17084
CBL-Mariner Releases
1.0
2026-05-16T01:04:06
<p>Information published.</p>
2.0
2026-05-17T14:39:32
<p>Information published.</p>
PostgreSQL refint allows stack buffer overflow and SQL injection
Mariner
PostgreSQL
Yes
CVE-2026-6637
Stack-based Buffer Overflow
21340-17084
21340-17084
Important
21340-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21340-17084
CBL-Mariner Releases
21340-17084
No
Security Update
16.14-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21340-17084
CBL-Mariner Releases
1.0
2026-05-16T01:04:28
<p>Information published.</p>
2.0
2026-05-17T14:40:29
<p>Information published.</p>
PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory
Mariner
PostgreSQL
Yes
CVE-2026-6477
Use of Inherently Dangerous Function
21249-17084
21340-17084
21249-17084
21340-17084
Important
21249-17084
Important
21340-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
21249-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
21340-17084
CBL-Mariner Releases
21340-17084
No
Security Update
16.14-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21340-17084
CBL-Mariner Releases
3.0
2026-05-19T01:02:03
<p>Information published.</p>
1.0
2026-05-16T01:04:33
<p>Information published.</p>
2.0
2026-05-17T14:40:42
<p>Information published.</p>
NGINX ngx_quic_module vulnerability
Mariner
f5
Yes
CVE-2026-40460
Authentication Bypass by Spoofing
21341-17084
21341-17084
Moderate
21341-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
21341-17084
CBL-Mariner Releases
21341-17084
No
Security Update
1.28.3-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21341-17084
CBL-Mariner Releases
1.0
2026-05-16T01:04:45
<p>Information published.</p>
2.0
2026-05-17T14:41:07
<p>Information published.</p>
NGINX ngx_http_charset_module vulnerability
Mariner
f5
Yes
CVE-2026-42934
Out-of-bounds Read
21341-17084
21341-17084
Moderate
21341-17084
4.8
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
21341-17084
CBL-Mariner Releases
21341-17084
No
Security Update
1.28.3-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21341-17084
CBL-Mariner Releases
1.0
2026-05-16T01:04:55
<p>Information published.</p>
2.0
2026-05-17T14:41:33
<p>Information published.</p>
NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability
Mariner
f5
Yes
CVE-2026-42946
Memory Allocation with Excessive Size Value
21341-17084
21341-17084
Important
21341-17084
6.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
21341-17084
CBL-Mariner Releases
21341-17084
No
Security Update
1.28.3-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21341-17084
CBL-Mariner Releases
1.0
2026-05-16T01:05:06
<p>Information published.</p>
2.0
2026-05-17T14:41:58
<p>Information published.</p>
rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding
Mariner
GitHub_M
Yes
CVE-2026-44662
Heap-based Buffer Overflow
21255-17084
21217-17084
21165-17084
21254-17084
21249-17084
21266-17084
21291-17084
21241-17084
21255-17084
21217-17084
21165-17084
21254-17084
21249-17084
21266-17084
21291-17084
21241-17084
Moderate
21255-17084
Moderate
21217-17084
Moderate
21165-17084
Moderate
21254-17084
Moderate
21249-17084
Moderate
21266-17084
Moderate
21291-17084
Moderate
21241-17084
2.0
2026-05-19T01:49:22
<p>Information published.</p>
1.0
2026-05-16T01:05:37
<p>Information published.</p>
urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
Mariner
GitHub_M
Yes
CVE-2026-44431
Exposure of Sensitive Information to an Unauthorized Actor
20831-17084
20831-17084
Important
20831-17084
CBL-Mariner Releases
20831-17084
No
Security Update
2.0.7-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20831-17084
CBL-Mariner Releases
1.0
2026-05-16T01:05:12
<p>Information published.</p>
2.0
2026-05-19T14:40:42
<p>Information published.</p>
ksmbd: validate inherited ACE SID length
Mariner
Linux
Yes
CVE-2026-43490
21332-17084
21344-17084
21332-17084
21344-17084
21332-17084
Important
21344-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21344-17084
4.0
2026-05-22T01:39:24
<p>Information published.</p>
1.0
2026-05-16T01:05:47
<p>Information published.</p>
2.0
2026-05-17T14:42:09
<p>Information published.</p>
3.0
2026-05-18T14:39:24
<p>Information published.</p>
crypto: pcrypt - Fix handling of MAY_BACKLOG requests
Mariner
Linux
Yes
CVE-2026-43493
21344-17084
21344-17084
Important
21344-17084
8.4
7.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U
21344-17084
1.0
2026-05-20T01:01:28
<p>Information published.</p>
2.0
2026-05-20T14:38:38
<p>Information published.</p>
3.0
2026-05-22T01:39:49
<p>Information published.</p>
net: qrtr: ns: Limit the maximum server registration per node
Mariner
Linux
Yes
CVE-2026-43491
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
2.0
2026-05-21T01:39:26
<p>Information published.</p>
2.1
2026-05-22T01:39:57
<p>Information published.</p>
1.0
2026-05-20T01:01:33
<p>Information published.</p>
1.1
2026-05-20T14:38:43
<p>Information published.</p>
Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls
Mariner
VulnCheck
Yes
CVE-2026-43619
Time-of-check Time-of-use (TOCTOU) Race Condition
20732-17084
20732-17084
Moderate
20732-17084
6.3
6.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
20732-17084
CBL-Mariner Releases
20732-17084
No
Security Update
3.4.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20732-17084
CBL-Mariner Releases
1.0
2026-05-21T01:01:17
<p>Information published.</p>
2.0
2026-05-23T01:44:58
<p>Information published.</p>
Rsync < 3.4.3 Integer Overflow Information Disclosure
Mariner
VulnCheck
Yes
CVE-2026-43618
Integer Overflow or Wraparound
20732-17084
20732-17084
Important
20732-17084
8.1
8.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20732-17084
CBL-Mariner Releases
20732-17084
No
Security Update
3.4.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20732-17084
CBL-Mariner Releases
1.0
2026-05-21T01:01:23
<p>Information published.</p>
2.0
2026-05-23T01:38:14
<p>Information published.</p>
Rsync < 3.4.3 Out-of-Bounds Array Read via recv_files()
Mariner
VulnCheck
Yes
CVE-2026-43620
Out-of-bounds Read
20732-17084
20732-17084
Moderate
20732-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
20732-17084
CBL-Mariner Releases
20732-17084
No
Security Update
3.4.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20732-17084
CBL-Mariner Releases
1.0
2026-05-21T01:01:28
<p>Information published.</p>
2.0
2026-05-23T01:38:23
<p>Information published.</p>
In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.
Mariner
mitre
Yes
CVE-2026-47784
Observable Timing Discrepancy
21347-17084
21347-17084
Important
21347-17084
8.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
21347-17084
CBL-Mariner Releases
21347-17084
No
Security Update
1.6.27-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21347-17084
CBL-Mariner Releases
1.0
2026-05-21T01:01:53
<p>Information published.</p>
2.0
2026-05-22T14:39:08
<p>Information published.</p>
In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.
Mariner
mitre
Yes
CVE-2026-47783
Observable Timing Discrepancy
21347-17084
21347-17084
Important
21347-17084
8.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
21347-17084
CBL-Mariner Releases
21347-17084
No
Security Update
1.6.27-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21347-17084
CBL-Mariner Releases
1.0
2026-05-21T01:01:59
<p>Information published.</p>
2.0
2026-05-22T14:39:15
<p>Information published.</p>
Packet of death with DNSCrypt
Mariner
NLnet Labs
Yes
CVE-2026-32792
Improper Handling of Missing Special Element
20736-17084
20736-17084
Moderate
20736-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
20736-17084
CBL-Mariner Releases
20736-17084
No
Security Update
1.25.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20736-17084
CBL-Mariner Releases
1.0
2026-05-21T01:02:10
<p>Information published.</p>
2.0
2026-05-23T01:39:08
<p>Information published.</p>
Possible cache poisoning via promiscuous records for the authority section
Mariner
NLnet Labs
Yes
CVE-2026-42960
Acceptance of Extraneous Untrusted Data With Trusted Data
20736-17084
20736-17084
Moderate
20736-17084
10.0
10.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
20736-17084
CBL-Mariner Releases
20736-17084
No
Security Update
1.25.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20736-17084
CBL-Mariner Releases
1.0
2026-05-21T01:02:16
<p>Information published.</p>
2.0
2026-05-23T01:39:17
<p>Information published.</p>
Crash during DNSSEC validation of malicious content
Mariner
NLnet Labs
Yes
CVE-2026-42959
Access of Uninitialized Pointer
20736-17084
20736-17084
Moderate
20736-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20736-17084
CBL-Mariner Releases
20736-17084
No
Security Update
1.25.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20736-17084
CBL-Mariner Releases
1.0
2026-05-21T01:02:21
<p>Information published.</p>
2.0
2026-05-23T01:39:27
<p>Information published.</p>
Use after free and crash under special conditions in RPZ code
Mariner
NLnet Labs
Yes
CVE-2026-44608
Improper Resource Locking
20736-17084
20736-17084
Moderate
20736-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
20736-17084
CBL-Mariner Releases
20736-17084
No
Security Update
1.25.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20736-17084
CBL-Mariner Releases
1.0
2026-05-21T01:02:27
<p>Information published.</p>
2.0
2026-05-23T01:39:36
<p>Information published.</p>
Possible arbitrary code execution during DNSSEC validation
Mariner
NLnet Labs
Yes
CVE-2026-33278
Use After Free
20736-17084
20736-17084
Critical
20736-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20736-17084
CBL-Mariner Releases
20736-17084
No
Security Update
1.25.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20736-17084
CBL-Mariner Releases
1.0
2026-05-21T01:02:32
<p>Information published.</p>
2.0
2026-05-23T01:39:45
<p>Information published.</p>
Degradation of service with unbounded NSEC3 hash calculations
Mariner
NLnet Labs
Yes
CVE-2026-42923
Inefficient Algorithmic Complexity
20736-17084
20736-17084
Moderate
20736-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
20736-17084
CBL-Mariner Releases
20736-17084
No
Security Update
1.25.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20736-17084
CBL-Mariner Releases
1.0
2026-05-21T01:02:54
<p>Information published.</p>
2.0
2026-05-23T01:40:27
<p>Information published.</p>
Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame
Mariner
EEF
Yes
CVE-2026-43970
Improper Handling of Highly Compressed Data (Data Amplification)
20623-17084
20623-17084
Moderate
20623-17084
1.0
2026-05-21T01:03:23
<p>Information published.</p>
net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ
Mariner
Linux
Yes
CVE-2026-43465
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-22T01:01:28
<p>Information published.</p>
rtmutex: Use waiter::task instead of current in remove_waiter()
Mariner
Linux
Yes
CVE-2026-43499
21344-17084
21344-17084
Important
21344-17084
7.8
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
21344-17084
1.0
2026-05-22T01:01:34
<p>Information published.</p>
fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-after-free
Mariner
Linux
Yes
CVE-2026-43497
21344-17084
21344-17084
Important
21344-17084
7.8
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
21344-17084
1.0
2026-05-22T01:01:44
<p>Information published.</p>
net/rds: handle zerocopy send cleanup before the message is queued
Mariner
Linux
Yes
CVE-2026-43502
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-22T01:01:50
<p>Information published.</p>
ipv6: rpl: reserve mac_len headroom when recompressed SRH grows
Mariner
Linux
Yes
CVE-2026-43501
21344-17084
21344-17084
Moderate
21344-17084
7.0
6.4
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
21344-17084
1.0
2026-05-22T01:01:55
<p>Information published.</p>
net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked
Mariner
Linux
Yes
CVE-2026-43496
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-22T01:02:01
<p>Information published.</p>
BIND 9 server memory exhaustion during GSS-API TKEY negotiation
Mariner
isc
Yes
CVE-2026-3039
Missing Reference to Active Allocated Resource
21351-17084
21351-17084
Important
21351-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
21351-17084
CBL-Mariner Releases
21351-17084
No
Security Update
9.20.23-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21351-17084
CBL-Mariner Releases
1.0
2026-05-23T01:01:20
<p>Information published.</p>
Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation
Mariner
isc
Yes
CVE-2026-3593
Use After Free
21351-17084
21351-17084
Important
21351-17084
7.4
7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
21351-17084
CBL-Mariner Releases
21351-17084
No
Security Update
9.20.23-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21351-17084
CBL-Mariner Releases
1.0
2026-05-23T01:01:32
<p>Information published.</p>
Invalid handling of CLASS != IN
Mariner
isc
Yes
CVE-2026-5946
Improper Input Validation
21351-17084
21351-17084
Important
21351-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
21351-17084
CBL-Mariner Releases
21351-17084
No
Security Update
9.20.23-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21351-17084
CBL-Mariner Releases
1.0
2026-05-23T01:01:39
<p>Information published.</p>
Unbounded resend loop in BIND 9 resolver
Mariner
isc
Yes
CVE-2026-5950
Unchecked Input for Loop Condition
21351-17084
21351-17084
Moderate
21351-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
21351-17084
CBL-Mariner Releases
21351-17084
No
Security Update
9.20.23-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21351-17084
CBL-Mariner Releases
1.0
2026-05-23T01:01:51
<p>Information published.</p>
Missing exit out of permission check in haveged could lead to root exploit
Mariner
suse
Yes
CVE-2026-41054
Authentication Bypass by Primary Weakness
21352-17084
21352-17084
Important
21352-17084
7.8
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
21352-17084
CBL-Mariner Releases
21352-17084
No
Security Update
1.9.22-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21352-17084
CBL-Mariner Releases
1.0
2026-05-23T01:02:03
<p>Information published.</p>
2.0
2026-05-24T01:42:19
<p>Information published.</p>
mptcp: fix soft lockup in mptcp_recvmsg()
Mariner
Linux
Yes
CVE-2026-43029
Improper Locking
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-25T01:01:50
<p>Information published.</p>
2.0
2026-05-25T14:39:03
<p>Information published.</p>
net: skbuff: propagate shared-frag marker through frag-transfer helpers
Mariner
Linux
Yes
CVE-2026-43503
21344-17084
21344-17084
Important
21344-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
21344-17084
1.0
2026-05-27T01:01:26
<p>Information published.</p>
2.0
2026-05-27T14:40:23
<p>Information published.</p>
net: skbuff: preserve shared-frag marker during coalescing
Mariner
Linux
Yes
CVE-2026-46300
Out-of-bounds Write
21344-17084
21344-17084
Important
21344-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21344-17084
1.0
2026-05-27T01:01:32
<p>Information published.</p>
2.0
2026-05-27T14:40:28
<p>Information published.</p>
libyang - Heap Use-After-Free Write in XML Metadata Parsing
Mariner
VulnCheck
Yes
CVE-2026-41401
Use After Free
21339-17084
21339-17084
Important
21339-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21339-17084
CBL-Mariner Releases
21339-17084
No
Security Update
2.1.148-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21339-17084
CBL-Mariner Releases
1.0
2026-05-27T01:01:38
<p>Information published.</p>
2.0
2026-05-27T14:40:40
<p>Information published.</p>
3.0
2026-05-30T14:03:44
<p>Information published.</p>
NGINX ngx_http_rewrite_module vulnerability
Mariner
f5
Yes
CVE-2026-9256
Heap-based Buffer Overflow
21341-17084
21341-17084
Important
21341-17084
8.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
21341-17084
CBL-Mariner Releases
21341-17084
No
Security Update
1.28.3-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
21341-17084
CBL-Mariner Releases
1.0
2026-05-27T01:18:17
<p>Information published.</p>
2.0
2026-05-28T14:50:09
<p>Information published.</p>
md/raid10: fix deadlock with check operation and nowait requests
Mariner
Linux
Yes
CVE-2026-46050
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:01:27
<p>Information published.</p>
2.0
2026-05-28T14:44:21
<p>Information published.</p>
media: mtk-jpeg: fix use-after-free in release path due to uncancelled work
Mariner
Linux
Yes
CVE-2026-46011
21344-17084
21344-17084
Moderate
21344-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
2.0
2026-05-28T14:44:32
<p>Information published.</p>
1.0
2026-05-28T01:01:40
<p>Information published.</p>
HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients
Mariner
Linux
Yes
CVE-2026-45877
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:01:58
<p>Information published.</p>
2.0
2026-05-28T14:44:52
<p>Information published.</p>
ipvs: do not keep dest_dst if dev is going down
Mariner
Linux
Yes
CVE-2026-45917
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
2.0
2026-05-28T14:44:58
<p>Information published.</p>
1.0
2026-05-28T01:02:04
<p>Information published.</p>
netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO
Mariner
Linux
Yes
CVE-2026-45841
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
2.0
2026-05-28T14:45:04
<p>Information published.</p>
1.0
2026-05-28T01:02:11
<p>Information published.</p>
ntfs3: fix integer overflow in run_unpack() volume boundary check
Mariner
Linux
Yes
CVE-2026-46062
21344-17084
21344-17084
Moderate
21344-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U
21344-17084
1.0
2026-05-28T01:02:23
<p>Information published.</p>
1.1
2026-05-28T14:45:16
<p>Information published.</p>
2.0
2026-05-29T01:42:20
<p>Information published.</p>
xfs: fix a resource leak in xfs_alloc_buftarg()
Mariner
Linux
Yes
CVE-2026-46005
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:02:35
<p>Information published.</p>
2.0
2026-05-28T14:45:27
<p>Information published.</p>
net: mctp: ensure our nlmsg responses are initialised
Mariner
Linux
Yes
CVE-2026-45930
21344-17084
21344-17084
Moderate
21344-17084
6.6
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U
21344-17084
1.1
2026-05-28T14:45:32
<p>Information published.</p>
1.0
2026-05-28T01:02:41
<p>Information published.</p>
2.0
2026-05-29T01:42:31
<p>Information published.</p>
thermal: core: Fix thermal zone governor cleanup issues
Mariner
Linux
Yes
CVE-2026-46021
21344-17084
21344-17084
Moderate
21344-17084
4.5
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U
21344-17084
1.0
2026-05-28T01:02:53
<p>Information published.</p>
1.1
2026-05-28T14:45:44
<p>Information published.</p>
2.0
2026-05-29T01:42:39
<p>Information published.</p>
ipv4: icmp: validate reply type before using icmp_pointers
Mariner
Linux
Yes
CVE-2026-46037
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:03:06
<p>Information published.</p>
2.0
2026-05-28T14:45:55
<p>Information published.</p>
RDMA/mana_ib: Disable RX steering on RSS QP destroy
Mariner
Linux
Yes
CVE-2026-46084
21344-17084
21344-17084
Moderate
21344-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U
21344-17084
1.0
2026-05-28T01:03:12
<p>Information published.</p>
1.1
2026-05-28T14:46:02
<p>Information published.</p>
2.0
2026-05-29T01:42:47
<p>Information published.</p>
rxrpc: Fix memory leaks in rxkad_verify_response()
Mariner
Linux
Yes
CVE-2026-46012
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
2.0
2026-05-28T14:46:08
<p>Information published.</p>
1.0
2026-05-28T01:03:18
<p>Information published.</p>
rxrpc: Fix rxkad crypto unalignment handling
Mariner
Linux
Yes
CVE-2026-46085
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
2.0
2026-05-28T14:46:13
<p>Information published.</p>
1.0
2026-05-28T01:03:24
<p>Information published.</p>
KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN
Mariner
Linux
Yes
CVE-2026-46059
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:03:36
<p>Information published.</p>
2.0
2026-05-28T14:46:24
<p>Information published.</p>
ALSA: caiaq: Handle probe errors properly
Mariner
Linux
Yes
CVE-2026-46004
21344-17084
21344-17084
Low
21344-17084
4.0
3.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U
21344-17084
1.0
2026-05-28T01:03:42
<p>Information published.</p>
1.1
2026-05-28T14:46:31
<p>Information published.</p>
2.0
2026-05-29T01:43:02
<p>Information published.</p>
netfilter: nf_tables: revert commit_mutex usage in reset path
Mariner
Linux
Yes
CVE-2026-45901
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
2.0
2026-05-28T14:46:37
<p>Information published.</p>
1.0
2026-05-28T01:03:53
<p>Information published.</p>
ocfs2: split transactions in dio completion to avoid credit exhaustion
Mariner
Linux
Yes
CVE-2026-46080
21344-17084
21344-17084
Moderate
21344-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U
21344-17084
1.0
2026-05-28T01:04:04
<p>Information published.</p>
1.1
2026-05-28T14:46:48
<p>Information published.</p>
2.0
2026-05-29T01:43:13
<p>Information published.</p>
iommu/vt-d: Clear Present bit before tearing down PASID entry
Mariner
Linux
Yes
CVE-2026-45894
21344-17084
21344-17084
Moderate
21344-17084
7.3
6.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U
21344-17084
1.0
2026-05-28T01:04:10
<p>Information published.</p>
1.1
2026-05-28T14:46:53
<p>Information published.</p>
2.0
2026-05-29T01:43:18
<p>Information published.</p>
openvswitch: cap upcall PID array size and pre-size vport replies
Mariner
Linux
Yes
CVE-2026-45840
21344-17084
21344-17084
Moderate
21344-17084
7.0
6.4
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
21344-17084
1.0
2026-05-28T01:04:29
<p>Information published.</p>
1.1
2026-05-28T14:47:11
<p>Information published.</p>
2.0
2026-05-29T01:43:32
<p>Information published.</p>
selinux: fix overlayfs mmap() and mprotect() access checks
Mariner
Linux
Yes
CVE-2026-46054
21344-17084
21344-17084
Moderate
21344-17084
7.5
6.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:U
21344-17084
1.1
2026-05-28T14:47:22
<p>Information published.</p>
2.0
2026-05-29T01:43:40
<p>Information published.</p>
1.0
2026-05-28T01:04:40
<p>Information published.</p>
udf: fix partition descriptor append bookkeeping
Mariner
Linux
Yes
CVE-2026-45991
21344-17084
21344-17084
Moderate
21344-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U
21344-17084
1.0
2026-05-28T01:04:53
<p>Information published.</p>
1.1
2026-05-28T14:47:36
<p>Information published.</p>
2.0
2026-05-29T01:43:48
<p>Information published.</p>
net/smc: avoid early lgr access in smc_clc_wait_msg
Mariner
Linux
Yes
CVE-2026-46027
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:04:59
<p>Information published.</p>
2.0
2026-05-28T14:47:42
<p>Information published.</p>
ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names()
Mariner
Linux
Yes
CVE-2026-46088
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:05:05
<p>Information published.</p>
2.0
2026-05-28T14:47:48
<p>Information published.</p>
md/raid5: fix soft lockup in retry_aligned_read()
Mariner
Linux
Yes
CVE-2026-46051
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:05:17
<p>Information published.</p>
2.0
2026-05-28T14:48:00
<p>Information published.</p>
net: rds: fix MR cleanup on copy error
Mariner
Linux
Yes
CVE-2026-46053
21344-17084
21344-17084
Moderate
21344-17084
7.0
6.4
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
21344-17084
1.0
2026-05-28T01:05:23
<p>Information published.</p>
1.1
2026-05-28T14:48:07
<p>Information published.</p>
2.0
2026-05-29T01:44:03
<p>Information published.</p>
ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES
Mariner
Linux
Yes
CVE-2026-46018
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:05:30
<p>Information published.</p>
2.0
2026-05-28T14:48:13
<p>Information published.</p>
Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb()
Mariner
Linux
Yes
CVE-2026-45835
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:05:43
<p>Information published.</p>
2.0
2026-05-29T01:52:47
<p>Information published.</p>
Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb()
Mariner
Linux
Yes
CVE-2026-45834
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:05:49
<p>Information published.</p>
2.0
2026-05-29T01:52:52
<p>Information published.</p>
iommu/vt-d: Clear Present bit before tearing down context entry
Mariner
Linux
Yes
CVE-2026-45944
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:05:48
<p>Information published.</p>
2.0
2026-05-28T14:48:30
<p>Information published.</p>
bpf: Fix tcx/netkit detach permissions when prog fd isn't given
Mariner
Linux
Yes
CVE-2026-45932
21344-17084
21344-17084
Moderate
21344-17084
7.3
6.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U
21344-17084
1.0
2026-05-28T01:05:54
<p>Information published.</p>
1.1
2026-05-28T14:48:35
<p>Information published.</p>
2.0
2026-05-29T01:44:16
<p>Information published.</p>
Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_get_sndtimeo_cb()
Mariner
Linux
Yes
CVE-2026-45836
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:05:55
<p>Information published.</p>
2.0
2026-05-28T14:50:32
<p>Information published.</p>
gfs2: fix memory leaks in gfs2_fill_super error path
Mariner
Linux
Yes
CVE-2026-45961
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:06:00
<p>Information published.</p>
2.0
2026-05-28T14:48:41
<p>Information published.</p>
bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec()
Mariner
Linux
Yes
CVE-2026-45839
21344-17084
21344-17084
Moderate
21344-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U
21344-17084
1.0
2026-05-28T01:06:07
<p>Information published.</p>
1.1
2026-05-28T14:48:47
<p>Information published.</p>
2.0
2026-05-29T01:44:29
<p>Information published.</p>
net: stmmac: fix oops when split header is enabled
Mariner
Linux
Yes
CVE-2026-45940
21344-17084
21344-17084
Moderate
21344-17084
7.0
6.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U
21344-17084
1.1
2026-05-28T14:48:52
<p>Information published.</p>
1.0
2026-05-28T01:06:13
<p>Information published.</p>
2.0
2026-05-29T01:44:35
<p>Information published.</p>
apparmor: Fix & Optimize table creation from possibly unaligned memory
Mariner
Linux
Yes
CVE-2026-45893
21344-17084
21344-17084
Low
21344-17084
3.3
3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U
21344-17084
1.0
2026-05-28T01:06:31
<p>Information published.</p>
1.1
2026-05-28T14:49:06
<p>Information published.</p>
2.0
2026-05-29T01:44:46
<p>Information published.</p>
erofs: fix inline data read failure for ztailpacking pclusters
Mariner
Linux
Yes
CVE-2026-45943
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:06:46
<p>Information published.</p>
2.0
2026-05-28T14:50:53
<p>Information published.</p>
mm: fix deferred split queue races during migration
Mariner
Linux
Yes
CVE-2026-46017
21344-17084
21344-17084
Moderate
21344-17084
7.0
6.4
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
21344-17084
1.0
2026-05-28T01:06:52
<p>Information published.</p>
1.1
2026-05-28T14:50:58
<p>Information published.</p>
2.0
2026-05-29T01:53:01
<p>Information published.</p>
netfilter: nft_counter: serialize reset with spinlock
Mariner
Linux
Yes
CVE-2026-45897
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
2.0
2026-05-28T14:39:35
<p>Information published.</p>
1.0
2026-05-28T01:06:49
<p>Information published.</p>
scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails
Mariner
Linux
Yes
CVE-2026-45997
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:07:02
<p>Information published.</p>
2.0
2026-05-28T14:39:51
<p>Information published.</p>
crypto: ccree - fix a memory leak in cc_mac_digest()
Mariner
Linux
Yes
CVE-2026-45986
21344-17084
21344-17084
Moderate
21344-17084
4.4
4.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U
21344-17084
1.1
2026-05-28T14:51:19
<p>Information published.</p>
1.0
2026-05-28T01:07:18
<p>Information published.</p>
2.0
2026-05-29T01:53:18
<p>Information published.</p>
net: qrtr: ns: Fix use-after-free in driver remove()
Mariner
Linux
Yes
CVE-2026-46047
21344-17084
21344-17084
Moderate
21344-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U
21344-17084
1.0
2026-05-28T01:07:25
<p>Information published.</p>
1.1
2026-05-28T14:51:24
<p>Information published.</p>
2.0
2026-05-29T01:53:23
<p>Information published.</p>
ipvs: skip ipv6 extension headers for csum checks
Mariner
Linux
Yes
CVE-2026-45850
21344-17084
21344-17084
Moderate
21344-17084
7.5
6.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.1
2026-05-28T14:51:29
<p>Information published.</p>
1.0
2026-05-28T01:07:31
<p>Information published.</p>
2.0
2026-05-29T01:53:28
<p>Information published.</p>
ceph: only d_add() negative dentries when they are unhashed
Mariner
Linux
Yes
CVE-2026-46052
21344-17084
21344-17084
Moderate
21344-17084
7.0
6.4
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
21344-17084
1.0
2026-05-28T01:07:37
<p>Information published.</p>
1.1
2026-05-28T14:51:34
<p>Information published.</p>
2.0
2026-05-29T01:53:33
<p>Information published.</p>
PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown
Mariner
Linux
Yes
CVE-2026-46009
21344-17084
21344-17084
Moderate
21344-17084
7.5
6.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2026-05-28T01:07:12
<p>Information published.</p>
1.1
2026-05-28T14:51:14
<p>Information published.</p>
2.0
2026-05-29T01:53:13
<p>Information published.</p>
md/raid5: validate payload size before accessing journal metadata
Mariner
Linux
Yes
CVE-2026-46070
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:07:42
<p>Information published.</p>
2.0
2026-05-28T14:51:40
<p>Information published.</p>
RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv
Mariner
Linux
Yes
CVE-2026-46043
21344-17084
21344-17084
Moderate
21344-17084
7.0
6.4
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
21344-17084
1.0
2026-05-28T01:07:54
<p>Information published.</p>
1.1
2026-05-28T14:51:50
<p>Information published.</p>
2.0
2026-05-29T01:53:42
<p>Information published.</p>
ibmasm: fix OOB reads in command_file_write due to missing size checks
Mariner
Linux
Yes
CVE-2026-45994
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:08:00
<p>Information published.</p>
2.0
2026-05-28T14:51:55
<p>Information published.</p>
wifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup()
Mariner
Linux
Yes
CVE-2026-46069
21344-17084
21344-17084
Moderate
21344-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U
21344-17084
1.0
2026-05-28T01:08:06
<p>Information published.</p>
1.1
2026-05-28T14:52:00
<p>Information published.</p>
2.0
2026-05-29T01:53:49
<p>Information published.</p>
netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation
Mariner
Linux
Yes
CVE-2026-45859
21344-17084
21344-17084
Moderate
21344-17084
7.0
6.4
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
21344-17084
1.0
2026-05-28T01:08:39
<p>Information published.</p>
1.1
2026-05-28T14:39:36
<p>Information published.</p>
2.0
2026-05-29T01:54:03
<p>Information published.</p>
KVM: nSVM: Triple fault if restore host CR3 fails on nested #VMEXIT
Mariner
Linux
Yes
CVE-2026-46032
21344-17084
21344-17084
Moderate
21344-17084
7.0
6.4
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
21344-17084
1.0
2026-05-28T01:09:02
<p>Information published.</p>
1.1
2026-05-28T14:40:03
<p>Information published.</p>
2.0
2026-05-29T01:54:10
<p>Information published.</p>
netfilter: reject zero shift in nft_bitwise
Mariner
Linux
Yes
CVE-2026-46101
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:09:29
<p>Information published.</p>
2.0
2026-05-28T14:40:32
<p>Information published.</p>
KVM: SVM: Add missing save/restore handling of LBR MSRs
Mariner
Linux
Yes
CVE-2026-46014
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:09:40
<p>Information published.</p>
2.0
2026-05-28T14:40:43
<p>Information published.</p>
net/sched: taprio: fix NULL pointer dereference in class dump
Mariner
Linux
Yes
CVE-2026-45845
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:09:34
<p>Information published.</p>
2.0
2026-05-28T14:40:38
<p>Information published.</p>
net: bridge: use a stable FDB dst snapshot in RCU readers
Mariner
Linux
Yes
CVE-2026-46086
21344-17084
21344-17084
Moderate
21344-17084
7.0
6.4
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
21344-17084
1.0
2026-05-28T01:09:46
<p>Information published.</p>
1.1
2026-05-28T14:40:49
<p>Information published.</p>
2.0
2026-05-29T01:54:37
<p>Information published.</p>
fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info
Mariner
Linux
Yes
CVE-2026-46065
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:09:51
<p>Information published.</p>
2.0
2026-05-28T14:40:55
<p>Information published.</p>
net: caif: clear client service pointer on teardown
Mariner
Linux
Yes
CVE-2026-46098
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:09:57
<p>Information published.</p>
2.0
2026-05-28T14:41:00
<p>Information published.</p>
gfs2: Fix slab-use-after-free in qd_put
Mariner
Linux
Yes
CVE-2026-45861
21344-17084
21344-17084
Moderate
21344-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U
21344-17084
1.0
2026-05-28T01:10:08
<p>Information published.</p>
1.1
2026-05-28T14:41:12
<p>Information published.</p>
2.0
2026-05-29T01:40:10
<p>Information published.</p>
crypto: atmel-tdes - fix DMA sync direction
Mariner
Linux
Yes
CVE-2026-46077
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
2.0
2026-05-28T14:41:24
<p>Information published.</p>
1.0
2026-05-28T01:10:19
<p>Information published.</p>
x86/shstk: Prevent deadlock during shstk sigreturn
Mariner
Linux
Yes
CVE-2026-46063
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:10:24
<p>Information published.</p>
2.0
2026-05-28T14:41:29
<p>Information published.</p>
Bluetooth: hci_event: fix potential UAF in SSP passkey handlers
Mariner
Linux
Yes
CVE-2026-46056
21344-17084
21344-17084
Moderate
21344-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U
21344-17084
1.0
2026-05-28T01:10:41
<p>Information published.</p>
1.1
2026-05-28T14:41:46
<p>Information published.</p>
2.0
2026-05-29T01:40:29
<p>Information published.</p>
drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl()
Mariner
Linux
Yes
CVE-2026-45956
21344-17084
21344-17084
Important
21344-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
21344-17084
2.0
2026-05-28T14:41:41
<p>Information published.</p>
1.0
2026-05-28T01:10:35
<p>Information published.</p>
crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx
Mariner
Linux
Yes
CVE-2026-46068
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:10:53
<p>Information published.</p>
2.0
2026-05-28T14:41:58
<p>Information published.</p>
slip: bound decode() reads against the compressed packet length
Mariner
Linux
Yes
CVE-2026-45843
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:11:04
<p>Information published.</p>
2.0
2026-05-28T14:42:10
<p>Information published.</p>
libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply()
Mariner
Linux
Yes
CVE-2026-46024
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:11:21
<p>Information published.</p>
2.0
2026-05-28T14:42:27
<p>Information published.</p>
ASoC: nau8821: Cancel delayed work on component remove
Mariner
Linux
Yes
CVE-2026-45963
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:11:32
<p>Information published.</p>
2.0
2026-05-28T14:42:39
<p>Information published.</p>
rxrpc: Fix potential UAF after skb_unshare() failure
Mariner
Linux
Yes
CVE-2026-45998
21344-17084
21344-17084
Moderate
21344-17084
7.0
6.4
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
21344-17084
1.0
2026-05-28T01:11:26
<p>Information published.</p>
1.1
2026-05-28T14:42:33
<p>Information published.</p>
2.0
2026-05-29T01:40:52
<p>Information published.</p>
dm mirror: fix integer overflow in create_dirty_log()
Mariner
Linux
Yes
CVE-2026-46023
21344-17084
21344-17084
Low
21344-17084
3.4
3.1
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L/E:U
21344-17084
1.0
2026-05-28T01:11:43
<p>Information published.</p>
1.1
2026-05-28T14:42:50
<p>Information published.</p>
2.0
2026-05-29T01:41:06
<p>Information published.</p>
netfilter: arp_tables: fix IEEE1394 ARP payload parsing
Mariner
Linux
Yes
CVE-2026-45844
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:11:49
<p>Information published.</p>
2.0
2026-05-28T14:42:55
<p>Information published.</p>
ext4: drop extent cache after doing PARTIAL_VALID1 zeroout
Mariner
Linux
Yes
CVE-2026-45892
21344-17084
21344-17084
Important
21344-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
21344-17084
2.0
2026-05-28T14:43:01
<p>Information published.</p>
1.0
2026-05-28T01:11:54
<p>Information published.</p>
misc: ibmasm: fix OOB MMIO read in ibmasm_handle_mouse_interrupt()
Mariner
Linux
Yes
CVE-2026-46022
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
2.0
2026-05-28T14:43:12
<p>Information published.</p>
1.0
2026-05-28T01:12:05
<p>Information published.</p>
net: strparser: fix skb_head leak in strp_abort_strp()
Mariner
Linux
Yes
CVE-2026-46102
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
2.0
2026-05-28T14:43:23
<p>Information published.</p>
1.0
2026-05-28T01:12:18
<p>Information published.</p>
remoteproc: xlnx: Only access buffer information if IPI is buffered
Mariner
Linux
Yes
CVE-2026-46016
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
2.0
2026-05-28T14:43:29
<p>Information published.</p>
1.0
2026-05-28T01:12:23
<p>Information published.</p>
rxrpc: Fix conn-level packet handling to unshare RESPONSE packets
Mariner
Linux
Yes
CVE-2026-46000
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:12:29
<p>Information published.</p>
2.0
2026-05-28T14:43:35
<p>Information published.</p>
drm/display/dp_mst: Add protection against 0 vcpi
Mariner
Linux
Yes
CVE-2025-71305
21344-17084
21344-17084
Critical
21344-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
21344-17084
1.0
2026-05-28T01:12:34
<p>Information published.</p>
2.0
2026-05-28T14:43:40
<p>Information published.</p>
drm/nouveau: fix u32 overflow in pushbuf reloc bounds check
Mariner
Linux
Yes
CVE-2026-46006
21344-17084
21344-17084
Moderate
21344-17084
7.3
6.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:U
21344-17084
1.1
2026-05-28T14:43:51
<p>Information published.</p>
1.0
2026-05-28T01:12:45
<p>Information published.</p>
2.0
2026-05-29T01:41:34
<p>Information published.</p>
net: qrtr: ns: Limit the total number of nodes
Mariner
Linux
Yes
CVE-2026-46003
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-28T01:12:51
<p>Information published.</p>
2.0
2026-05-28T14:43:57
<p>Information published.</p>
spi: mpc52xx: fix use-after-free on unbind
Mariner
Linux
Yes
CVE-2026-46219
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U
21344-17084
1.0
2026-05-29T01:01:29
<p>Information published.</p>
2.0
2026-05-30T01:41:47
<p>Information published.</p>
vsock/virtio: fix accept queue count leak on transport mismatch
Mariner
Linux
Yes
CVE-2026-46214
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2026-05-29T01:01:46
<p>Information published.</p>
2.0
2026-05-30T01:41:57
<p>Information published.</p>
mptcp: pm: ADD_ADDR rtx: fix potential data-race
Mariner
Linux
Yes
CVE-2026-46137
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U
21344-17084
1.0
2026-05-29T01:02:01
<p>Information published.</p>
2.0
2026-05-30T01:42:07
<p>Information published.</p>
Bluetooth: virtio_bt: validate rx pkt_type header length
Mariner
Linux
Yes
CVE-2026-46186
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2026-05-29T01:02:17
<p>Information published.</p>
2.0
2026-05-30T01:42:18
<p>Information published.</p>
ipv6: xfrm6: release dst on error in xfrm6_rcv_encap()
Mariner
Linux
Yes
CVE-2026-46172
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2026-05-29T01:02:25
<p>Information published.</p>
2.0
2026-05-30T01:42:23
<p>Information published.</p>
mptcp: fix scheduling with atomic in timestamp sockopt
Mariner
Linux
Yes
CVE-2026-46168
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2026-05-29T01:02:39
<p>Information published.</p>
2.0
2026-05-30T01:42:33
<p>Information published.</p>
wifi: b43legacy: enforce bounds check on firmware key index in RX path
Mariner
Linux
Yes
CVE-2026-46163
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
2.0
2026-05-30T01:42:43
<p>Information published.</p>
1.0
2026-05-29T01:02:55
<p>Information published.</p>
KVM: x86: check for nEPT/nNPT in slow flush hypercalls
Mariner
Linux
Yes
CVE-2026-46131
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2026-05-29T01:03:10
<p>Information published.</p>
2.0
2026-05-30T01:42:52
<p>Information published.</p>
net: stmmac: Prevent NULL deref when RX memory exhausted
Mariner
Linux
Yes
CVE-2026-46110
21344-17084
21344-17084
Moderate
21344-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-29T01:03:24
<p>Information published.</p>
ipmi: Check event message buffer response for bad data
Mariner
Linux
Yes
CVE-2026-46128
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U
21344-17084
1.0
2026-05-29T01:03:53
<p>Information published.</p>
2.0
2026-05-30T01:43:19
<p>Information published.</p>
fbcon: Avoid OOB font access if console rotation fails
Mariner
Linux
Yes
CVE-2026-46191
21344-17084
21344-17084
Important
21344-17084
7.7
7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/E:U
21344-17084
1.0
2026-05-29T01:04:23
<p>Information published.</p>
2.0
2026-05-30T01:43:38
<p>Information published.</p>
btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak
Mariner
Linux
Yes
CVE-2026-46159
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U
21344-17084
1.0
2026-05-29T01:04:26
<p>Information published.</p>
2.0
2026-05-30T14:12:09
<p>Information published.</p>
spi: fsl: fix controller deregistration
Mariner
Linux
Yes
CVE-2026-46226
21344-17084
21344-17084
Moderate
21344-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U
21344-17084
1.0
2026-05-29T01:04:34
<p>Information published.</p>
2.0
2026-05-30T14:12:14
<p>Information published.</p>
openvswitch: vport: fix self-deadlock on release of tunnel ports
Mariner
Linux
Yes
CVE-2026-46165
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
2.0
2026-05-30T14:12:19
<p>Information published.</p>
1.0
2026-05-29T01:04:42
<p>Information published.</p>
mptcp: pm: ADD_ADDR rtx: always decrease sk refcount
Mariner
Linux
Yes
CVE-2026-46158
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2026-05-29T01:04:50
<p>Information published.</p>
2.0
2026-05-30T14:12:25
<p>Information published.</p>
drm/amdkfd: validate SVM ioctl nattr against buffer size
Mariner
Linux
Yes
CVE-2026-46197
21344-17084
21344-17084
Moderate
21344-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U
21344-17084
1.0
2026-05-29T01:04:57
<p>Information published.</p>
2.0
2026-05-30T14:12:30
<p>Information published.</p>
drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission
Mariner
Linux
Yes
CVE-2026-46220
21344-17084
21344-17084
Moderate
21344-17084
6.6
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U
21344-17084
1.0
2026-05-29T01:04:59
<p>Information published.</p>
2.0
2026-05-30T01:44:04
<p>Information published.</p>
dm-thin: fix metadata refcount underflow
Mariner
Linux
Yes
CVE-2026-46107
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2026-05-29T01:05:13
<p>Information published.</p>
2.0
2026-05-30T01:44:14
<p>Information published.</p>
RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init()
Mariner
Linux
Yes
CVE-2026-46176
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2026-05-29T01:05:19
<p>Information published.</p>
2.0
2026-05-30T14:12:45
<p>Information published.</p>
scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()
Mariner
Linux
Yes
CVE-2026-46149
21344-17084
21344-17084
Moderate
21344-17084
6.1
5.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U
21344-17084
1.0
2026-05-29T01:05:21
<p>Information published.</p>
2.0
2026-05-30T01:44:19
<p>Information published.</p>
batman-adv: stop tp_meter sessions during mesh teardown
Mariner
Linux
Yes
CVE-2026-46208
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2026-05-29T01:05:27
<p>Information published.</p>
2.0
2026-05-30T14:12:50
<p>Information published.</p>
xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete
Mariner
Linux
Yes
CVE-2026-46116
21344-17084
21344-17084
Moderate
21344-17084
6.1
5.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U
21344-17084
1.0
2026-05-29T01:05:37
<p>Information published.</p>
2.0
2026-05-30T01:44:30
<p>Information published.</p>
spi: rspi: fix controller deregistration
Mariner
Linux
Yes
CVE-2026-46225
21344-17084
21344-17084
Moderate
21344-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U
21344-17084
1.0
2026-05-29T01:05:37
<p>Information published.</p>
2.0
2026-05-30T14:12:56
<p>Information published.</p>
media: rc: xbox_remote: heed DMA restrictions
Mariner
Linux
Yes
CVE-2026-46236
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2026-05-29T01:05:44
<p>Information published.</p>
2.0
2026-05-30T01:44:35
<p>Information published.</p>
btrfs: fix double free in create_space_info_sub_group() error path
Mariner
Linux
Yes
CVE-2026-46164
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2026-05-29T01:05:44
<p>Information published.</p>
2.0
2026-05-30T14:13:01
<p>Information published.</p>
RDMA/ocrdma: Don't NULL deref uctx on errors in ocrdma_copy_pd_uresp()
Mariner
Linux
Yes
CVE-2026-46127
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2026-05-29T01:05:51
<p>Information published.</p>
2.0
2026-05-30T14:13:06
<p>Information published.</p>
ipmi: Add limits to event and receive message requests
Mariner
Linux
Yes
CVE-2026-46177
21344-17084
21344-17084
Moderate
21344-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U
21344-17084
1.0
2026-05-29T01:06:06
<p>Information published.</p>
2.0
2026-05-30T01:44:50
<p>Information published.</p>
smb/client: fix out-of-bounds read in smb2_compound_op()
Mariner
Linux
Yes
CVE-2026-46155
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2026-05-29T01:06:07
<p>Information published.</p>
2.0
2026-05-30T14:13:16
<p>Information published.</p>
wifi: mt76: mt7921: fix a potential clc buffer length underflow
Mariner
Linux
Yes
CVE-2026-46136
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2026-05-29T01:06:14
<p>Information published.</p>
2.0
2026-05-30T14:13:22
<p>Information published.</p>
net: rtnetlink: zero ifla_vf_broadcast to avoid stack infoleak in rtnl_fill_vfinfo
Mariner
Linux
Yes
CVE-2026-46132
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U
21344-17084
1.0
2026-05-29T01:05:59
<p>Information published.</p>
2.0
2026-05-30T14:13:11
<p>Information published.</p>
mptcp: pm: ADD_ADDR rtx: free sk if last
Mariner
Linux
Yes
CVE-2026-46170
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2026-05-29T01:06:28
<p>Information published.</p>
2.0
2026-05-30T01:45:05
<p>Information published.</p>
mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show()
Mariner
Linux
Yes
CVE-2026-46190
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2026-05-29T01:06:29
<p>Information published.</p>
2.0
2026-05-30T14:13:32
<p>Information published.</p>
drm/amdgpu/vcn3: Prevent OOB reads when parsing dec msg
Mariner
Linux
Yes
CVE-2026-46230
21344-17084
21344-17084
Moderate
21344-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U
21344-17084
1.0
2026-05-29T01:06:35
<p>Information published.</p>
2.0
2026-05-30T01:45:10
<p>Information published.</p>
f2fs: fix fsck inconsistency caused by FGGC of node block
Mariner
Linux
Yes
CVE-2026-46175
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2026-05-29T01:06:21
<p>Information published.</p>
2.0
2026-05-30T14:13:27
<p>Information published.</p>
Bluetooth: virtio_bt: clamp rx length before skb_put
Mariner
Linux
Yes
CVE-2026-46123
21344-17084
21344-17084
Low
21344-17084
3.3
3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U
21344-17084
1.0
2026-05-29T01:06:43
<p>Information published.</p>
2.0
2026-05-30T01:45:15
<p>Information published.</p>
batman-adv: stop caching unowned originator pointers in BAT IV
Mariner
Linux
Yes
CVE-2026-46238
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2026-05-29T01:06:59
<p>Information published.</p>
2.0
2026-05-30T14:13:52
<p>Information published.</p>
ip6_gre: Use cached t->net in ip6erspan_changelink().
Mariner
Linux
Yes
CVE-2026-46120
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U
21344-17084
1.0
2026-05-29T01:07:07
<p>Information published.</p>
2.0
2026-05-30T14:13:57
<p>Information published.</p>
ipmi:si: Return state to normal if message allocation fails
Mariner
Linux
Yes
CVE-2026-46108
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2026-05-29T01:06:50
<p>Information published.</p>
2.0
2026-05-30T01:45:20
<p>Information published.</p>
wifi: mac80211: drop stray 'static' from fast-RX rx_result
Mariner
Linux
Yes
CVE-2026-46152
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2026-05-29T01:07:04
<p>Information published.</p>
2.0
2026-05-30T01:45:30
<p>Information published.</p>
RDMA/hns: Fix unlocked call to hns_roce_qp_remove()
Mariner
Linux
Yes
CVE-2026-46112
21344-17084
21344-17084
Moderate
21344-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U
21344-17084
1.0
2026-05-29T01:07:30
<p>Information published.</p>
2.0
2026-05-30T01:45:50
<p>Information published.</p>
RDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloads
Mariner
Linux
Yes
CVE-2026-46114
21344-17084
21344-17084
Moderate
21344-17084
7.0
6.4
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
21344-17084
1.0
2026-05-29T01:07:24
<p>Information published.</p>
2.0
2026-05-30T01:45:45
<p>Information published.</p>
wifi: b43: enforce bounds check on firmware key index in b43_rx()
Mariner
Linux
Yes
CVE-2026-46122
21344-17084
21344-17084
Moderate
21344-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U
21344-17084
1.0
2026-05-29T01:07:28
<p>Information published.</p>
2.0
2026-05-30T14:14:12
<p>Information published.</p>
ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()
Mariner
Linux
Yes
CVE-2026-46146
21344-17084
21344-17084
Moderate
21344-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U
21344-17084
1.0
2026-05-29T01:07:15
<p>Information published.</p>
2.0
2026-05-30T14:14:02
<p>Information published.</p>
wifi: mac80211: remove station if connection prep fails
Mariner
Linux
Yes
CVE-2026-46125
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
2.0
2026-05-30T01:45:40
<p>Information published.</p>
1.0
2026-05-29T01:07:18
<p>Information published.</p>
sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL
Mariner
Linux
Yes
CVE-2026-46227
21344-17084
21344-17084
Moderate
21344-17084
7.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U
21344-17084
1.0
2026-05-29T01:07:33
<p>Information published.</p>
2.0
2026-05-30T01:39:45
<p>Information published.</p>
8021q: delete cleared egress QoS mappings
Mariner
Linux
Yes
CVE-2026-46153
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
2.0
2026-05-30T01:39:51
<p>Information published.</p>
1.0
2026-05-29T01:07:40
<p>Information published.</p>
fanotify: fix false positive on permission events
Mariner
Linux
Yes
CVE-2026-46150
21344-17084
21344-17084
Important
21344-17084
7.8
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U
21344-17084
1.0
2026-05-29T01:07:48
<p>Information published.</p>
2.0
2026-05-30T01:46:05
<p>Information published.</p>
spi: mpc52xx: fix use-after-free on registration failure
Mariner
Linux
Yes
CVE-2026-46241
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2026-05-29T01:07:42
<p>Information published.</p>
2.0
2026-05-30T01:46:00
<p>Information published.</p>
KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu()
Mariner
Linux
Yes
CVE-2026-46147
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U
21344-17084
1.0
2026-05-29T01:07:53
<p>Information published.</p>
2.0
2026-05-30T01:40:01
<p>Information published.</p>
nvmet-tcp: fix race between ICReq handling and queue teardown
Mariner
Linux
Yes
CVE-2026-46135
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2026-05-29T01:08:22
<p>Information published.</p>
2.0
2026-05-30T01:40:26
<p>Information published.</p>
RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path
Mariner
Linux
Yes
CVE-2026-46189
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2026-05-29T01:08:05
<p>Information published.</p>
2.0
2026-05-30T01:40:11
<p>Information published.</p>
drm/amdgpu/vcn4: Prevent OOB reads when parsing dec msg
Mariner
Linux
Yes
CVE-2026-46199
21344-17084
21344-17084
Moderate
21344-17084
6.1
5.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U
21344-17084
1.0
2026-05-29T01:08:50
<p>Information published.</p>
2.0
2026-05-30T01:40:51
<p>Information published.</p>
usb: usblp: fix heap leak in IEEE 1284 device ID via short response
Mariner
Linux
Yes
CVE-2026-46151
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U
21344-17084
1.0
2026-05-29T01:08:56
<p>Information published.</p>
2.0
2026-05-30T01:40:56
<p>Information published.</p>
Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory
Mariner
CPANSec
Yes
CVE-2026-42497
Improper Link Resolution Before File Access ('Link Following')
20313-17084
20313-17084
Moderate
20313-17084
7.5
6.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U
20313-17084
1.0
2026-05-29T01:08:07
<p>Information published.</p>
isofs: validate block number from NFS file handle in isofs_export_iget
Mariner
Linux
Yes
CVE-2026-46124
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2026-05-29T01:09:07
<p>Information published.</p>
2.0
2026-05-30T01:41:06
<p>Information published.</p>
eventfs: Hold eventfs_mutex and SRCU when remount walks events
Mariner
Linux
Yes
CVE-2026-46106
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
2.0
2026-05-30T01:41:16
<p>Information published.</p>
1.0
2026-05-29T01:09:19
<p>Information published.</p>
RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()
Mariner
Linux
Yes
CVE-2026-46181
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
2.0
2026-05-30T01:41:36
<p>Information published.</p>
1.0
2026-05-29T01:09:41
<p>Information published.</p>
RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq()
Mariner
Linux
Yes
CVE-2026-46178
21344-17084
21344-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21344-17084
1.0
2026-05-29T01:09:46
<p>Information published.</p>
2.0
2026-05-30T01:41:42
<p>Information published.</p>
eventpoll: fix ep_remove struct eventpoll / struct file UAF
Mariner
Linux
Yes
CVE-2026-46242
21344-17084
21344-17084
21344-17084
1.0
2026-05-31T01:01:32
<p>Information published.</p>
xfs: close crash window in attr dabtree inactivation
Mariner
Linux
Yes
CVE-2026-43053
21248-17084
21308-17084
21332-17084
21344-17084
21248-17084
21308-17084
21332-17084
21344-17084
Moderate
21248-17084
Moderate
21308-17084
Moderate
21332-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21248-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-02T01:01:52
<p>Information published.</p>
2.0
2026-05-04T14:38:15
<p>Information published.</p>
3.0
2026-05-06T14:45:49
<p>Information published.</p>
4.0
2026-05-11T01:39:35
<p>Information published.</p>
5.0
2026-05-17T14:40:32
<p>Information published.</p>
HID: core: Mitigate potential OOB by removing bogus memset()
Mariner
Linux
Yes
CVE-2026-43048
21248-17084
21308-17084
21332-17084
21344-17084
21248-17084
21308-17084
21332-17084
21344-17084
Important
21248-17084
Important
21308-17084
Important
21332-17084
Moderate
21344-17084
8.8
8.8
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
21248-17084
8.8
8.8
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
21308-17084
8.8
8.8
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-02T01:01:58
<p>Information published.</p>
3.0
2026-05-06T14:45:58
<p>Information published.</p>
5.1
2026-05-22T01:42:54
<p>Information published.</p>
2.0
2026-05-04T14:38:20
<p>Information published.</p>
4.0
2026-05-11T01:39:43
<p>Information published.</p>
5.0
2026-05-17T14:40:42
<p>Information published.</p>
ALSA: ctxfi: Check the error for index mapping
Mariner
Linux
Yes
CVE-2026-31777
21248-17084
21332-17084
21308-17084
21344-17084
21248-17084
21332-17084
21308-17084
21344-17084
Important
21248-17084
Important
21332-17084
Important
21308-17084
Important
21344-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
21248-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
21332-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
21308-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
21344-17084
1.0
2026-05-02T01:02:03
<p>Information published.</p>
4.0
2026-05-11T01:39:51
<p>Information published.</p>
6.0
2026-05-19T01:41:16
<p>Information published.</p>
2.0
2026-05-04T14:38:26
<p>Information published.</p>
3.0
2026-05-06T14:46:07
<p>Information published.</p>
5.0
2026-05-17T14:40:51
<p>Information published.</p>
usb: gadget: f_rndis: Fix net_device lifecycle with device_move
Mariner
Linux
Yes
CVE-2026-31722
21248-17084
21308-17084
21332-17084
21344-17084
21248-17084
21308-17084
21332-17084
21344-17084
Important
21248-17084
Important
21308-17084
Important
21332-17084
Important
21344-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21248-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21308-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21332-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21344-17084
1.0
2026-05-02T01:02:09
<p>Information published.</p>
2.0
2026-05-04T14:38:32
<p>Information published.</p>
6.0
2026-05-19T01:41:24
<p>Information published.</p>
3.0
2026-05-06T14:46:15
<p>Information published.</p>
4.0
2026-05-11T01:39:59
<p>Information published.</p>
5.0
2026-05-17T14:41:01
<p>Information published.</p>
usb: gadget: f_ecm: Fix net_device lifecycle with device_move
Mariner
Linux
Yes
CVE-2026-31725
21248-17084
21308-17084
21332-17084
21344-17084
21248-17084
21308-17084
21332-17084
21344-17084
Important
21248-17084
Important
21308-17084
Important
21332-17084
Important
21344-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21248-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21308-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21332-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21344-17084
1.0
2026-05-02T01:02:31
<p>Information published.</p>
4.0
2026-05-11T01:40:24
<p>Information published.</p>
6.0
2026-05-19T01:41:31
<p>Information published.</p>
2.0
2026-05-04T14:38:50
<p>Information published.</p>
3.0
2026-05-06T14:46:41
<p>Information published.</p>
5.0
2026-05-17T14:41:33
<p>Information published.</p>
HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure
Mariner
Linux
Yes
CVE-2026-43049
21248-17084
21308-17084
21332-17084
21344-17084
21248-17084
21308-17084
21332-17084
21344-17084
Important
21248-17084
Important
21308-17084
Important
21332-17084
Moderate
21344-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
21248-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
21308-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-02T01:02:36
<p>Information published.</p>
3.0
2026-05-06T14:46:50
<p>Information published.</p>
4.0
2026-05-11T01:40:33
<p>Information published.</p>
5.1
2026-05-22T01:43:11
<p>Information published.</p>
2.0
2026-05-04T14:38:55
<p>Information published.</p>
5.0
2026-05-17T14:41:43
<p>Information published.</p>
Bluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists
Mariner
Linux
Yes
CVE-2026-43022
21248-17084
21344-17084
21248-17084
21344-17084
21248-17084
21344-17084
2.0
2026-05-24T14:42:31
<p>Information published.</p>
1.0
2026-05-02T01:02:42
<p>Information published.</p>
ksmbd: require minimum ACE size in smb_check_perm_dacl()
Mariner
Linux
Yes
CVE-2026-31712
21248-17084
21332-17084
21308-17084
21344-17084
21248-17084
21332-17084
21308-17084
21344-17084
Important
21248-17084
Important
21332-17084
Important
21308-17084
Important
21344-17084
8.3
8.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
21248-17084
8.3
8.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
21332-17084
8.3
8.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
21308-17084
8.3
8.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
21344-17084
1.0
2026-05-02T01:03:15
<p>Information published.</p>
4.0
2026-05-11T01:41:15
<p>Information published.</p>
6.0
2026-05-22T01:43:46
<p>Information published.</p>
2.0
2026-05-04T14:39:23
<p>Information published.</p>
3.0
2026-05-06T14:47:35
<p>Information published.</p>
5.0
2026-05-17T14:42:32
<p>Information published.</p>
Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync
Mariner
Linux
Yes
CVE-2026-43019
21248-17084
21332-17084
21308-17084
21344-17084
21248-17084
21332-17084
21308-17084
21344-17084
Important
21248-17084
Important
21332-17084
Important
21308-17084
Moderate
21344-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21248-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21332-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2026-05-02T01:03:26
<p>Information published.</p>
2.0
2026-05-04T14:39:35
<p>Information published.</p>
4.0
2026-05-11T01:41:32
<p>Information published.</p>
3.0
2026-05-06T14:47:52
<p>Information published.</p>
5.0
2026-05-17T14:42:48
<p>Information published.</p>
5.1
2026-05-22T01:43:56
<p>Information published.</p>
usb: typec: ucsi: validate connector number in ucsi_notify_common()
Mariner
Linux
Yes
CVE-2026-31729
21248-17084
21