{"@odata.context":"https://api.msrc.microsoft.com/sug/v2.0/sugodata/v2.0/en-US/$metadata#vulnerability","@odata.count":19173,"value":[{"id":"00000000-0000-0000-0000-00000a4591c3","releaseDate":"2026-04-29T01:06:32-07:00","cveNumber":"CVE-2026-31563","cveTitle":"net: macb: Use dev_consume_skb_any() to free TX SKBs","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:58:53-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31563","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31563","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"Linux","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31563","version":1,"revisionDate":"2026-04-29T01:06:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"944800a4-6743-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31563","version":2,"revisionDate":"2026-04-29T14:58:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"922126ed-db43-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000b3a609c4","releaseDate":"2026-04-28T07:00:42-07:00","cveNumber":"CVE-2026-6920","cveTitle":"Chromium: CVE-2026-6920 Out of bounds read in GPU","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-28T07:00:42-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6920","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6920","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.87</td>\n<td>04/248/2026</td>\n<td>147.0.7727.118</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-6920","version":1,"revisionDate":"2026-04-28T07:00:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"62d0965f-3940-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-00009c18407a","releaseDate":"2026-04-26T01:09:15-07:00","cveNumber":"CVE-2026-31679","cveTitle":"openvswitch: validate MPLS set/set_masked payload length","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:54:40-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31679","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31679","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31679","version":1,"revisionDate":"2026-04-26T01:09:15-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ba5c6489-0c41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31679","version":1.1,"revisionDate":"2026-04-27T14:46:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ce7110ef-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31679","version":3,"revisionDate":"2026-04-29T14:54:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b832975a-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31679","version":2,"revisionDate":"2026-04-29T01:42:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"eaa069ac-6c43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000095d1fa4c","releaseDate":"2026-04-26T01:09:09-07:00","cveNumber":"CVE-2026-31674","cveTitle":"netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:54:25-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31674","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31674","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31674","version":1.1,"revisionDate":"2026-04-27T14:46:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e17f79e8-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31674","version":3,"revisionDate":"2026-04-29T14:54:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4de21f4e-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31674","version":1,"revisionDate":"2026-04-26T01:09:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a6d9fd87-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31674","version":2,"revisionDate":"2026-04-29T01:42:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2e3135a5-6c43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000f2150e7d","releaseDate":"2026-04-26T01:09:04-07:00","cveNumber":"CVE-2026-31682","cveTitle":"bridge: br_nd_send: linearize skb before parsing ND options","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:54:10-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31682","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31682","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31682","version":1.1,"revisionDate":"2026-04-27T14:46:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"da7f79e8-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31682","version":2,"revisionDate":"2026-04-29T01:42:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"296415a1-6c43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31682","version":1,"revisionDate":"2026-04-26T01:09:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0c050382-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31682","version":3,"revisionDate":"2026-04-29T14:54:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"df584b45-db43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000001a498d7","releaseDate":"2026-04-26T01:08:45-07:00","cveNumber":"CVE-2026-31678","cveTitle":"openvswitch: defer tunnel netdev_put to RCU release","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:53:27-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31678","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31678","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31678","version":2,"revisionDate":"2026-04-27T14:46:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"df1062dc-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31678","version":1,"revisionDate":"2026-04-26T01:08:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"42f21374-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31678","version":3,"revisionDate":"2026-04-29T14:53:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c6ca3630-db43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000028ff5cc2","releaseDate":"2026-04-26T01:08:39-07:00","cveNumber":"CVE-2026-31680","cveTitle":"net: ipv6: flowlabel: defer exclusive option free until RCU teardown","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:53:11-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31680","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31680","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31680","version":2,"revisionDate":"2026-04-27T14:46:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"571aa7d5-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31680","version":1,"revisionDate":"2026-04-26T01:08:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2ef21374-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31680","version":3,"revisionDate":"2026-04-29T14:53:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f810a826-db43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00003046a2ef","releaseDate":"2026-04-26T01:08:22-07:00","cveNumber":"CVE-2026-31675","cveTitle":"net/sched: sch_netem: fix out-of-bounds access in packet corruption","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:52:28-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31675","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31675","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31675","version":1.1,"revisionDate":"2026-04-27T14:46:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"79e513cf-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31675","version":3,"revisionDate":"2026-04-29T14:52:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0950620c-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31675","version":1,"revisionDate":"2026-04-26T01:08:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2fbefd66-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31675","version":2,"revisionDate":"2026-04-29T01:41:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"79032392-6c43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d15b427e","releaseDate":"2026-04-26T01:07:39-07:00","cveNumber":"CVE-2026-31591","cveTitle":"KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:41:14-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31591","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31591","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31591","version":1.1,"revisionDate":"2026-04-27T14:46:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"72e513cf-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31591","version":1,"revisionDate":"2026-04-26T01:07:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d4352252-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31591","version":2,"revisionDate":"2026-04-29T14:41:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"679e4f76-d943-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000cb730465","releaseDate":"2026-04-26T01:07:10-07:00","cveNumber":"CVE-2026-31601","cveTitle":"vfio/xe: Reorganize the init to decouple migration from reset","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:40:06-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31601","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31601","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31601","version":2,"revisionDate":"2026-04-27T14:45:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0d8e4abb-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31601","version":1,"revisionDate":"2026-04-26T01:07:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4f94863d-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31601","version":3,"revisionDate":"2026-04-29T14:40:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4e26ba4e-d943-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a318407a","releaseDate":"2026-04-26T01:06:38-07:00","cveNumber":"CVE-2026-31609","cveTitle":"smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:38:59-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31609","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31609","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31609","version":1,"revisionDate":"2026-04-26T01:06:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"aaf0cd2d-0c41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31609","version":1.1,"revisionDate":"2026-04-27T14:45:01-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"841455a8-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31609","version":2,"revisionDate":"2026-04-29T14:38:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9702bf2a-d943-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000030ff5cc2","releaseDate":"2026-04-26T01:05:45-07:00","cveNumber":"CVE-2026-31600","cveTitle":"arm64: mm: Handle invalid large leaf mappings correctly","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T15:00:22-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31600","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31600","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31600","version":3,"revisionDate":"2026-04-29T15:00:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a5e47d20-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31600","version":1,"revisionDate":"2026-04-26T01:05:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b6974f08-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31600","version":2,"revisionDate":"2026-04-27T14:44:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"67e03a8e-4742-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000069924b17","releaseDate":"2026-04-26T01:05:40-07:00","cveNumber":"CVE-2026-32147","cveTitle":"SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T01:40:02-07:00","cweList":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"cweDetailsListForSearch":["cwe: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","cweUrl: https://cwe.mitre.org/data/definitions/22.html"],"mitreText":"CVE-2026-32147","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32147","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"EEF","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","https://cwe.mitre.org/data/definitions/22.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-32147","version":1,"revisionDate":"2026-04-26T01:05:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"61bf0f0a-0c41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-32147","version":2,"revisionDate":"2026-04-27T14:44:01-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6e7d5788-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-32147","version":3,"revisionDate":"2026-04-29T01:40:02-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c52f6654-6c43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000008a498d7","releaseDate":"2026-04-26T01:05:27-07:00","cveNumber":"CVE-2026-31608","cveTitle":"smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:59:59-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31608","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31608","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31608","version":1.1,"revisionDate":"2026-04-27T14:43:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"47fb4282-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31608","version":2,"revisionDate":"2026-04-29T14:59:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f4b9dc12-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31608","version":1,"revisionDate":"2026-04-26T01:05:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b97c3f02-0c41-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000fec9a362","releaseDate":"2026-04-26T01:05:18-07:00","cveNumber":"CVE-2026-23414","cveTitle":"tls: Purge async_hold in tls_decrypt_async_wait()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:48:15-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-23414","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-23414","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-23414","version":2,"revisionDate":"2026-04-27T14:43:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5421337c-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23414","version":3,"revisionDate":"2026-04-29T14:48:15-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7b85fa73-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23414","version":1,"revisionDate":"2026-04-26T01:05:18-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9e4dc8fa-0b41-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b8f81604","releaseDate":"2026-04-26T01:05:06-07:00","cveNumber":"CVE-2026-23360","cveTitle":"nvme: fix admin queue leak on controller reset","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:47:46-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-23360","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-23360","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-23360","version":2,"revisionDate":"2026-04-27T14:43:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"326c6275-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23360","version":1,"revisionDate":"2026-04-26T01:05:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c0e66cf4-0b41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-23360","version":3,"revisionDate":"2026-04-29T14:47:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0caaee5e-da43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00005bb4601d","releaseDate":"2026-04-26T01:05:00-07:00","cveNumber":"CVE-2026-41411","cveTitle":"Vim: Command injection via backtick expansion in tag filenames","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T01:39:36-07:00","cweList":["CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"],"cweDetailsListForSearch":["cwe: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","cweUrl: https://cwe.mitre.org/data/definitions/78.html"],"mitreText":"CVE-2026-41411","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41411","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.6","temporalScore":"6.6","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","https://cwe.mitre.org/data/definitions/78.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-41411","version":2,"revisionDate":"2026-04-27T14:43:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3342136f-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-41411","version":3,"revisionDate":"2026-04-29T01:06:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"15f8fbb6-6743-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-41411","version":1,"revisionDate":"2026-04-26T01:05:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ce0a59ee-0b41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-41411","version":4,"revisionDate":"2026-04-29T01:39:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6ad4d545-6c43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000c9730465","releaseDate":"2026-04-26T01:04:10-07:00","cveNumber":"CVE-2026-31621","cveTitle":"bnge: return after auxiliary_device_uninit() in error path","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:46:38-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31621","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31621","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31621","version":1,"revisionDate":"2026-04-26T01:04:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dadb91d4-0b41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31621","version":2,"revisionDate":"2026-04-27T14:42:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"035dca5a-4742-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31621","version":3,"revisionDate":"2026-04-29T14:46:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6973723c-da43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000402ee008","releaseDate":"2026-04-26T01:04:07-07:00","cveNumber":"CVE-2026-31565","cveTitle":"RDMA/irdma: Fix deadlock during netdev reset with active connections","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:57:41-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31565","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31565","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31565","version":1,"revisionDate":"2026-04-26T01:04:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1726b7d0-0b41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31565","version":2,"revisionDate":"2026-04-27T14:42:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"eeb31250-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31565","version":4,"revisionDate":"2026-04-29T14:57:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ba6eebc1-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31565","version":3,"revisionDate":"2026-04-29T01:02:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2fb16c26-6743-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00006ed0e920","releaseDate":"2026-04-26T01:03:43-07:00","cveNumber":"CVE-2026-31570","cveTitle":"can: gw: fix OOB heap access in cgw_csum_crc8_rel()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:56:43-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31570","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31570","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31570","version":1,"revisionDate":"2026-04-26T01:03:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"31be8ec3-0b41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31570","version":1.1,"revisionDate":"2026-04-27T14:42:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f8503642-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31570","version":2,"revisionDate":"2026-04-29T01:03:02-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fd614028-6743-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31570","version":3,"revisionDate":"2026-04-29T01:42:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2b6415a1-6c43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31570","version":4,"revisionDate":"2026-04-29T14:56:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e3eac1a0-db43-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000118cd6f0","releaseDate":"2026-04-26T01:03:25-07:00","cveNumber":"CVE-2026-31566","cveTitle":"drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:55:58-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31566","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31566","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31566","version":3,"revisionDate":"2026-04-29T14:55:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9b5c0786-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31566","version":1,"revisionDate":"2026-04-26T01:03:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f6465dba-0b41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31566","version":1.1,"revisionDate":"2026-04-27T14:41:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6855a63c-4742-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31566","version":2,"revisionDate":"2026-04-29T01:41:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"77032392-6c43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000aa007e93","releaseDate":"2026-04-26T01:02:55-07:00","cveNumber":"CVE-2026-31589","cveTitle":"mm: call ->free_folio() directly in folio_unmap_invalidate()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:54:48-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31589","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31589","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31589","version":1,"revisionDate":"2026-04-26T01:02:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4c8794a7-0b41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31589","version":1.1,"revisionDate":"2026-04-27T14:41:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dc16d626-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31589","version":2,"revisionDate":"2026-04-29T14:54:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"220a7c5d-db43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000074591c3","releaseDate":"2026-04-26T01:02:06-07:00","cveNumber":"CVE-2026-31593","cveTitle":"KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:53:05-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31593","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31593","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31593","version":1.1,"revisionDate":"2026-04-27T14:40:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"69a1b20a-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31593","version":2,"revisionDate":"2026-04-29T14:53:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cae41621-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31593","version":1,"revisionDate":"2026-04-26T01:02:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c27f2088-0b41-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00002eff5cc2","releaseDate":"2026-04-26T01:02:00-07:00","cveNumber":"CVE-2026-31620","cveTitle":"ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:52:49-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31620","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31620","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31620","version":3,"revisionDate":"2026-04-29T14:52:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c9559b13-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31620","version":1,"revisionDate":"2026-04-26T01:02:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b37f2088-0b41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31620","version":2,"revisionDate":"2026-04-27T14:40:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cacf280b-4742-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000412ee008","releaseDate":"2026-04-26T01:01:37-07:00","cveNumber":"CVE-2026-31555","cveTitle":"futex: Clear stale exiting pointer in futex_lock_pi() retry path","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:51:52-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31555","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31555","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31555","version":1.1,"revisionDate":"2026-04-27T14:40:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ce24b7fe-4642-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31555","version":2,"revisionDate":"2026-04-29T01:02:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5a6e771b-6743-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31555","version":4,"revisionDate":"2026-04-29T14:51:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9238f2f3-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31555","version":1,"revisionDate":"2026-04-26T01:01:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b4a87075-0b41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31555","version":3,"revisionDate":"2026-04-29T01:40:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d9014b5b-6c43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000041394454","releaseDate":"2026-04-26T01:01:24-07:00","cveNumber":"CVE-2026-41079","cveTitle":"OpenPrinting CUPS: Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:51:25-07:00","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"mitreText":"CVE-2026-41079","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41079","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.3","temporalScore":"4.3","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-41079","version":2,"revisionDate":"2026-04-27T14:39:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ce87c6f7-4642-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-41079","version":3,"revisionDate":"2026-04-29T01:01:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c4ab20ee-6643-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-41079","version":4,"revisionDate":"2026-04-29T14:51:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d25b13e7-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-41079","version":1,"revisionDate":"2026-04-26T01:01:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8ac50d6f-0b41-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b2a609c4","releaseDate":"2026-04-24T23:57:43-07:00","cveNumber":"CVE-2026-6921","cveTitle":"Chromium: CVE-2026-6921 Race in GPU","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T23:57:43-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6921","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6921","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.86</td>\n<td>04/24/2026</td>\n<td>147.0.7727.116/.117</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-6921","version":1,"revisionDate":"2026-04-24T23:57:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"74d0965f-3940-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000e94813dc","releaseDate":"2026-04-24T23:57:39-07:00","cveNumber":"CVE-2026-6919","cveTitle":"Chromium: CVE-2026-6919 Use after free in DevTools","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-28T07:00:00-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6919","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6919","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p>\n<p>Yes. Customers should apply all updates offered for the software installed on their systems.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.86</td>\n<td>04/24/2026</td>\n<td>147.0.7727.116/.117</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-6919","version":1.2,"revisionDate":"2026-04-28T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Added a second Security Only package to Edge security update. This is an informational change only.</p>\n","unformattedDescription":"Added a second Security Only package to Edge security update. This is an informational change only.","notificationNeeded":true,"notificationSent":true,"sourceId":"171958db-2643-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-6919","version":1,"revisionDate":"2026-04-24T23:57:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"50d0965f-3940-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000e3e9588a","releaseDate":"2026-04-24T01:05:11-07:00","cveNumber":"CVE-2026-41989","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:51:09-07:00","cweList":["CWE-787: Out-of-bounds Write"],"cweDetailsListForSearch":["cwe: CWE-787: Out-of-bounds Write","cweUrl: https://cwe.mitre.org/data/definitions/787.html"],"mitreText":"CVE-2026-41989","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41989","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"mitre","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.7","temporalScore":"6.7","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H","vectorStringSource":"mitre","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-787: Out-of-bounds Write","https://cwe.mitre.org/data/definitions/787.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-41989","version":1,"revisionDate":"2026-04-24T01:05:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a0dab8a0-793f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-41989","version":2,"revisionDate":"2026-04-25T01:05:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"606a6ae1-4240-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-41989","version":3,"revisionDate":"2026-04-29T14:51:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6c05e1d9-da43-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00002010d863","releaseDate":"2026-04-23T07:00:00-07:00","cveNumber":"CVE-2026-21515","cveTitle":"Azure IoT Central Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-23T07:00:00-07:00","description":"<p>Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.</p>\n","cweList":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"],"cweDetailsListForSearch":["cwe: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweUrl: https://cwe.mitre.org/data/definitions/200.html"],"unformattedDescription":"Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.","mitreText":"CVE-2026-21515","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-21515","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":4,"latestSoftwareRelease":"N/A","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Azure IOT Central","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"9.9","temporalScore":"8.6","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","https://cwe.mitre.org/data/definitions/200.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>\n<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>\n<p>Please see <a href=\"https://aka.ms/MSRC-Cloud-CVEs\">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>\n","ordinal":10000},{"title":"Azure IOT Central Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-21515","version":1,"revisionDate":"2026-04-23T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"fa380e94-7bf7-f011-9399-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000073d99044","releaseDate":"2026-04-23T07:00:00-07:00","cveNumber":"CVE-2026-32172","cveTitle":"Microsoft Power Apps Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-23T07:00:00-07:00","description":"<p>Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.</p>\n","cweList":["CWE-427: Uncontrolled Search Path Element"],"cweDetailsListForSearch":["cwe: CWE-427: Uncontrolled Search Path Element","cweUrl: https://cwe.mitre.org/data/definitions/427.html"],"unformattedDescription":"Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-32172","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32172","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":4,"latestSoftwareRelease":"N/A","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Power Apps","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.0","temporalScore":"7.0","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-427: Uncontrolled Search Path Element","https://cwe.mitre.org/data/definitions/427.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>\n<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>\n<p>Please see <a href=\"https://aka.ms/MSRC-Cloud-CVEs\">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>\n","ordinal":10000},{"title":"Microsoft Power Apps Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32172","version":1,"revisionDate":"2026-04-23T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7da4bde2-4a21-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00004e63d875","releaseDate":"2026-04-23T07:00:00-07:00","cveNumber":"CVE-2026-35431","cveTitle":"Microsoft Entra ID Entitlement Management Spoofing Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-23T07:00:00-07:00","description":"<p>Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.</p>\n","cweList":["CWE-918: Server-Side Request Forgery (SSRF)"],"cweDetailsListForSearch":["cwe: CWE-918: Server-Side Request Forgery (SSRF)","cweUrl: https://cwe.mitre.org/data/definitions/918.html"],"unformattedDescription":"Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-35431","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35431","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":4,"latestSoftwareRelease":"N/A","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Entra ID Entitlement Management","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"10.0","temporalScore":"8.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-918: Server-Side Request Forgery (SSRF)","https://cwe.mitre.org/data/definitions/918.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>\n<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>\n<p>Please see <a href=\"https://aka.ms/MSRC-Cloud-CVEs\">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>\n","ordinal":10000},{"title":"Microsoft Entra ID Entitlement Management Spoofing Vulnerability","articleType":"100000000","description":"<p>Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-35431","version":1,"revisionDate":"2026-04-23T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"09736aa7-e138-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000fc836f61","releaseDate":"2026-04-23T07:00:00-07:00","cveNumber":"CVE-2026-24303","cveTitle":"Microsoft Partner Center Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-23T07:00:00-07:00","description":"<p>Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.</p>\n","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"unformattedDescription":"Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.","mitreText":"CVE-2026-24303","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-24303","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":4,"latestSoftwareRelease":"N/A","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Partner Center","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"9.6","temporalScore":"8.3","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>\n<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>\n<p>Please see <a href=\"https://aka.ms/MSRC-Cloud-CVEs\">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>\n","ordinal":10000},{"title":"Microsoft Partner Center Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-24303","version":1,"revisionDate":"2026-04-23T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"62c74088-0dd5-f011-9395-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000064e8ea14","releaseDate":"2026-04-23T07:00:00-07:00","cveNumber":"CVE-2026-26150","cveTitle":"Microsoft Purview eDiscovery Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-23T07:00:00-07:00","description":"<p>Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.</p>\n","cweList":["CWE-918: Server-Side Request Forgery (SSRF)"],"cweDetailsListForSearch":["cwe: CWE-918: Server-Side Request Forgery (SSRF)","cweUrl: https://cwe.mitre.org/data/definitions/918.html"],"unformattedDescription":"Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.","mitreText":"CVE-2026-26150","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26150","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":4,"latestSoftwareRelease":"N/A","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Purview","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"8.6","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-918: Server-Side Request Forgery (SSRF)","https://cwe.mitre.org/data/definitions/918.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>\n<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>\n<p>Please see <a href=\"https://aka.ms/MSRC-Cloud-CVEs\">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>\n","ordinal":10000},{"title":"Microsoft Purview Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26150","version":1,"revisionDate":"2026-04-23T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"2e6a6293-8f1c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00007e1ea5fb","releaseDate":"2026-04-23T07:00:00-07:00","cveNumber":"CVE-2026-33819","cveTitle":"Microsoft Bing Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-23T07:00:00-07:00","description":"<p>Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.</p>\n","cweList":["CWE-502: Deserialization of Untrusted Data"],"cweDetailsListForSearch":["cwe: CWE-502: Deserialization of Untrusted Data","cweUrl: https://cwe.mitre.org/data/definitions/502.html"],"unformattedDescription":"Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-33819","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33819","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":4,"latestSoftwareRelease":"N/A","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Bing","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"10.0","temporalScore":"8.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-502: Deserialization of Untrusted Data","https://cwe.mitre.org/data/definitions/502.html"]}],"articles":[{"title":"Microsoft Bing Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.</p>\n","ordinal":10000},{"title":"Microsoft Bing Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>\n<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>\n<p>Please see <a href=\"https://aka.ms/MSRC-Cloud-CVEs\">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33819","version":1,"revisionDate":"2026-04-23T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"d47c053c-212e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000055d99044","releaseDate":"2026-04-23T07:00:00-07:00","cveNumber":"CVE-2026-33102","cveTitle":"Microsoft 365 Copilot Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-23T07:00:00-07:00","description":"<p>Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.</p>\n","cweList":["CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"],"cweDetailsListForSearch":["cwe: CWE-601: URL Redirection to Untrusted Site ('Open Redirect')","cweUrl: https://cwe.mitre.org/data/definitions/601.html"],"unformattedDescription":"Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.","mitreText":"CVE-2026-33102","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33102","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":4,"latestSoftwareRelease":"N/A","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"M365 Copilot","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"9.3","temporalScore":"8.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-601: URL Redirection to Untrusted Site ('Open Redirect')","https://cwe.mitre.org/data/definitions/601.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>\n<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>\n<p>Please see <a href=\"https://aka.ms/MSRC-Cloud-CVEs\">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>\n","ordinal":10000},{"title":"M365 Copilot Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33102","version":1,"revisionDate":"2026-04-23T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"ff9c04cc-6229-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000fa1eb5a0","releaseDate":"2026-04-23T07:00:00-07:00","cveNumber":"CVE-2026-32210","cveTitle":"Microsoft Dynamics 365 (online) Spoofing Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-23T07:00:00-07:00","description":"<p>Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.</p>\n","cweList":["CWE-918: Server-Side Request Forgery (SSRF)"],"cweDetailsListForSearch":["cwe: CWE-918: Server-Side Request Forgery (SSRF)","cweUrl: https://cwe.mitre.org/data/definitions/918.html"],"unformattedDescription":"Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-32210","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32210","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":4,"latestSoftwareRelease":"N/A","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Dynamics 365 (Online)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"9.3","temporalScore":"8.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-918: Server-Side Request Forgery (SSRF)","https://cwe.mitre.org/data/definitions/918.html"]}],"articles":[{"title":"Microsoft Dynamics 365 (Online) Spoofing Vulnerability","articleType":"100000000","description":"<p>Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>\n<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>\n<p>Please see <a href=\"https://aka.ms/MSRC-Cloud-CVEs\">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32210","version":1,"revisionDate":"2026-04-23T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"af076647-7028-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000019beba7e","releaseDate":"2026-04-23T01:11:06-07:00","cveNumber":"CVE-2026-6409","cveTitle":"Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:49:27-07:00","cweList":["CWE-20: Improper Input Validation"],"cweDetailsListForSearch":["cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html"],"mitreText":"CVE-2026-6409","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6409","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Google","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-6409","version":1,"revisionDate":"2026-04-23T01:11:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d570194a-b13e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-6409","version":3,"revisionDate":"2026-04-29T14:50:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bcd338b9-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-6409","version":2,"revisionDate":"2026-04-24T14:44:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e6bd1025-ec3f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-6409","version":4,"revisionDate":"2026-04-30T01:49:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3a4ceed1-3644-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d85b427e","releaseDate":"2026-04-23T01:10:06-07:00","cveNumber":"CVE-2026-31521","cveTitle":"module: Fix kernel panic when a symbol st_shndx is out of bounds","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:13:42-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31521","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31521","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31521","version":3,"revisionDate":"2026-04-29T14:49:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"522caea0-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31521","version":1,"revisionDate":"2026-04-23T01:10:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1eee652a-b13e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31521","version":1.1,"revisionDate":"2026-04-23T14:41:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cc0e9c79-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31521","version":2,"revisionDate":"2026-04-24T01:39:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1841fb72-7e3f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31521","version":4,"revisionDate":"2026-04-30T01:13:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3cfcf0ce-3144-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000044d27bb","releaseDate":"2026-04-23T01:09:55-07:00","cveNumber":"CVE-2026-31473","cveTitle":"media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:49:06-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31473","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31473","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31473","version":1,"revisionDate":"2026-04-23T01:09:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4da35820-b13e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31473","version":2,"revisionDate":"2026-04-24T01:39:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c3d0b26f-7e3f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31473","version":3,"revisionDate":"2026-04-29T01:01:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"89b951fa-6643-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31473","version":4,"revisionDate":"2026-04-29T14:49:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9f23ab93-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31473","version":1.1,"revisionDate":"2026-04-23T14:41:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8c830a73-223f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000035ef30d3","releaseDate":"2026-04-23T01:09:49-07:00","cveNumber":"CVE-2026-31450","cveTitle":"ext4: publish jinode after initialization","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:48:51-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31450","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31450","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31450","version":1,"revisionDate":"2026-04-23T01:09:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"48a35820-b13e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31450","version":1.1,"revisionDate":"2026-04-23T14:40:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bbcbce71-223f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31450","version":2,"revisionDate":"2026-04-24T01:39:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"66fa2669-7e3f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31450","version":3,"revisionDate":"2026-04-29T14:48:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c5e67d87-da43-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00009dc1ce5d","releaseDate":"2026-04-23T01:09:44-07:00","cveNumber":"CVE-2026-31494","cveTitle":"net: macb: use the current queue number for stats","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:13:23-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31494","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31494","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31494","version":3,"revisionDate":"2026-04-29T14:48:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7dbc0081-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31494","version":1,"revisionDate":"2026-04-23T01:09:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e2e5261d-b13e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31494","version":1.1,"revisionDate":"2026-04-23T14:40:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f3caab6c-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31494","version":2,"revisionDate":"2026-04-24T01:39:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c567666a-7e3f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31494","version":4,"revisionDate":"2026-04-30T01:13:23-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fe63d1c8-3144-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000aab93866","releaseDate":"2026-04-23T01:09:38-07:00","cveNumber":"CVE-2026-31512","cveTitle":"Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:48:21-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31512","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31512","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31512","version":3,"revisionDate":"2026-04-29T14:48:18-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7f85fa73-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31512","version":1,"revisionDate":"2026-04-23T01:09:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9088f514-b13e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31512","version":2,"revisionDate":"2026-04-23T14:40:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"99a65166-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31512","version":4,"revisionDate":"2026-04-30T01:13:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2edeaac2-3144-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31512","version":5,"revisionDate":"2026-04-30T01:48:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1e6362aa-3644-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000067d87f18","releaseDate":"2026-04-23T01:09:33-07:00","cveNumber":"CVE-2026-31492","cveTitle":"RDMA/irdma: Initialize free_qp completion before using it","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:48:09-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31492","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31492","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31492","version":1,"revisionDate":"2026-04-23T01:09:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2d0e2f12-b13e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31492","version":2,"revisionDate":"2026-04-23T14:40:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7ea65166-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31492","version":3,"revisionDate":"2026-04-29T14:48:01-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"65acbf6c-da43-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31492","version":4,"revisionDate":"2026-04-30T01:13:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a5fd45bc-3144-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31492","version":5,"revisionDate":"2026-04-30T01:48:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3b1166a4-3644-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000711fc545","releaseDate":"2026-04-23T01:09:27-07:00","cveNumber":"CVE-2026-31467","cveTitle":"erofs: add GFP_NOIO in the bio completion if needed","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:47:45-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31467","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31467","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31467","version":1,"revisionDate":"2026-04-23T01:09:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1a0e2f12-b13e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31467","version":2,"revisionDate":"2026-04-23T14:40:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7342b95f-223f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31467","version":3,"revisionDate":"2026-04-29T14:47:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e76af35f-da43-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000442ee008","releaseDate":"2026-04-23T01:09:22-07:00","cveNumber":"CVE-2026-31525","cveTitle":"bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:47:28-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31525","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31525","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31525","version":1,"revisionDate":"2026-04-23T01:09:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"74c6ac0b-b13e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31525","version":3,"revisionDate":"2026-04-29T14:47:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e39c7e58-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31525","version":1.1,"revisionDate":"2026-04-23T14:40:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a7c3155f-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31525","version":2,"revisionDate":"2026-04-24T01:39:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e5127161-7e3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000064d27bb","releaseDate":"2026-04-23T01:09:17-07:00","cveNumber":"CVE-2026-31453","cveTitle":"xfs: avoid dereferencing log items after push callbacks","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:47:12-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31453","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31453","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31453","version":1,"revisionDate":"2026-04-23T01:09:17-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"63c6ac0b-b13e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31453","version":2,"revisionDate":"2026-04-24T01:39:01-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"79c16e5f-7e3f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31453","version":1.1,"revisionDate":"2026-04-23T14:40:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fb15df58-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31453","version":3,"revisionDate":"2026-04-29T14:47:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6b37ab50-da43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000009946ce8","releaseDate":"2026-04-23T01:09:11-07:00","cveNumber":"CVE-2026-31498","cveTitle":"Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:47:57-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31498","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31498","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31498","version":3,"revisionDate":"2026-04-29T14:46:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"56410e45-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31498","version":4,"revisionDate":"2026-04-30T01:12:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"50cbaab3-3144-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31498","version":1,"revisionDate":"2026-04-23T01:09:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"daffb708-b13e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31498","version":2,"revisionDate":"2026-04-23T14:40:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f015df58-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31498","version":5,"revisionDate":"2026-04-30T01:47:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a6a0ad9d-3644-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000104591c3","releaseDate":"2026-04-23T01:09:06-07:00","cveNumber":"CVE-2026-31503","cveTitle":"udp: Fix wildcard bind conflict check when using hash2","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:12:38-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31503","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31503","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31503","version":1,"revisionDate":"2026-04-23T01:09:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"439d9f01-b13e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31503","version":3,"revisionDate":"2026-04-29T14:46:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"498a7338-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31503","version":2,"revisionDate":"2026-04-23T14:40:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"197d5852-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31503","version":4,"revisionDate":"2026-04-30T01:12:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a05573ae-3144-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000032ef30d3","releaseDate":"2026-04-23T01:09:00-07:00","cveNumber":"CVE-2026-31480","cveTitle":"tracing: Fix potential deadlock in cpu hotplug with osnoise","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:47:35-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31480","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31480","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31480","version":1,"revisionDate":"2026-04-23T01:09:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3b9d9f01-b13e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31480","version":2,"revisionDate":"2026-04-24T01:38:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d0092059-7e3f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31480","version":3,"revisionDate":"2026-04-29T01:02:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bbae1c08-6743-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31480","version":4,"revisionDate":"2026-04-29T14:46:15-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"960bed2b-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31480","version":1.1,"revisionDate":"2026-04-23T14:40:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ff7c5852-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31480","version":5,"revisionDate":"2026-04-30T01:47:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1b27ee8f-3644-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00004b752536","releaseDate":"2026-04-23T01:08:55-07:00","cveNumber":"CVE-2026-31528","cveTitle":"perf: Make sure to use pmu_ctx->pmu for groups","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:45:59-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31528","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31528","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31528","version":2,"revisionDate":"2026-04-24T01:38:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"286d2452-7e3f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31528","version":3,"revisionDate":"2026-04-29T14:45:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"48faa125-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31528","version":1,"revisionDate":"2026-04-23T01:08:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"edd27ffc-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31528","version":1.1,"revisionDate":"2026-04-23T14:40:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5964104c-223f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d063d875","releaseDate":"2026-04-23T01:08:44-07:00","cveNumber":"CVE-2026-31451","cveTitle":"ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:45:32-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31451","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31451","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31451","version":3,"revisionDate":"2026-04-29T14:45:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"41ebdb11-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31451","version":1,"revisionDate":"2026-04-23T01:08:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7cf93bf5-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31451","version":2,"revisionDate":"2026-04-23T14:39:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"78cde045-223f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b2007e93","releaseDate":"2026-04-23T01:08:38-07:00","cveNumber":"CVE-2026-31509","cveTitle":"nfc: nci: fix circular locking dependency in nci_close_device","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:12:16-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31509","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31509","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31509","version":2,"revisionDate":"2026-04-23T14:39:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d48d2e47-223f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31509","version":3,"revisionDate":"2026-04-29T14:45:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"403b970b-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31509","version":4,"revisionDate":"2026-04-30T01:12:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"604a6c9d-3144-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31509","version":1,"revisionDate":"2026-04-23T01:08:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"70f93bf5-b03e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000701fc545","releaseDate":"2026-04-23T01:08:32-07:00","cveNumber":"CVE-2026-31477","cveTitle":"ksmbd: fix memory leaks and NULL deref in smb2_lock()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:46:51-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31477","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31477","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31477","version":3,"revisionDate":"2026-04-29T01:01:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"533c4b00-6743-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31477","version":4,"revisionDate":"2026-04-29T14:45:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5e57eefe-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31477","version":1,"revisionDate":"2026-04-23T01:08:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a91309ef-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31477","version":2,"revisionDate":"2026-04-23T14:39:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d3fd3d3f-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31477","version":5,"revisionDate":"2026-04-30T01:46:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c2119f73-3644-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00000b946ce8","releaseDate":"2026-04-23T01:08:27-07:00","cveNumber":"CVE-2026-31478","cveTitle":"ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:46:36-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31478","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31478","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31478","version":2,"revisionDate":"2026-04-24T01:38:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bd28564a-7e3f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31478","version":3,"revisionDate":"2026-04-29T01:01:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5d3c4b00-6743-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31478","version":4,"revisionDate":"2026-04-29T14:44:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6627e7f2-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31478","version":1,"revisionDate":"2026-04-23T01:08:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"971309ef-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31478","version":1.1,"revisionDate":"2026-04-23T14:39:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cdfd3d3f-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31478","version":5,"revisionDate":"2026-04-30T01:46:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"581af06b-3644-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a9b93866","releaseDate":"2026-04-23T01:08:21-07:00","cveNumber":"CVE-2026-31522","cveTitle":"HID: magicmouse: avoid memory leak in magicmouse_report_fixup()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:11:54-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31522","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31522","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31522","version":1,"revisionDate":"2026-04-23T01:08:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"425882eb-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31522","version":3,"revisionDate":"2026-04-29T14:44:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"68f587ec-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31522","version":2,"revisionDate":"2026-04-23T14:39:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"826f4439-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31522","version":4,"revisionDate":"2026-04-30T01:11:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a81a898f-3144-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a2c1ce5d","releaseDate":"2026-04-23T01:08:16-07:00","cveNumber":"CVE-2026-31444","cveTitle":"ksmbd: fix use-after-free and NULL deref in smb_grant_oplock()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:44:13-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31444","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31444","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31444","version":1,"revisionDate":"2026-04-23T01:08:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d4cbb4e8-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31444","version":2,"revisionDate":"2026-04-23T14:39:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6b6f4439-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31444","version":3,"revisionDate":"2026-04-29T14:44:13-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3c91d5e5-d943-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000731fc545","releaseDate":"2026-04-23T01:08:10-07:00","cveNumber":"CVE-2026-31447","cveTitle":"ext4: reject mount if bigalloc with s_first_data_block != 0","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:43:57-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31447","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31447","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31447","version":1,"revisionDate":"2026-04-23T01:08:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ad0896e4-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31447","version":3,"revisionDate":"2026-04-29T14:43:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"58e49fd9-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31447","version":2,"revisionDate":"2026-04-23T14:39:19-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e233d332-223f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000075d0e920","releaseDate":"2026-04-23T01:08:05-07:00","cveNumber":"CVE-2026-31500","cveTitle":"Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:11:31-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31500","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31500","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31500","version":1,"revisionDate":"2026-04-23T01:08:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"132f39de-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31500","version":2,"revisionDate":"2026-04-24T01:38:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e5d31f41-7e3f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31500","version":3,"revisionDate":"2026-04-29T14:43:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6e50dcd2-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31500","version":1.1,"revisionDate":"2026-04-23T14:39:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cc9ac72c-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31500","version":4,"revisionDate":"2026-04-30T01:11:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"19fa2d83-3144-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000aa08148b","releaseDate":"2026-04-23T01:07:59-07:00","cveNumber":"CVE-2026-31439","cveTitle":"dmaengine: xilinx: xdma: Fix regmap init error handling","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:43:26-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31439","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31439","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31439","version":3,"revisionDate":"2026-04-29T14:43:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2230b3c5-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31439","version":1,"revisionDate":"2026-04-23T01:07:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"964fb0db-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31439","version":2,"revisionDate":"2026-04-23T14:39:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c39ac72c-223f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00007c172f4e","releaseDate":"2026-04-23T01:07:54-07:00","cveNumber":"CVE-2026-31507","cveTitle":"net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:11:14-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31507","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31507","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31507","version":3,"revisionDate":"2026-04-29T14:43:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1d00a9bf-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31507","version":1,"revisionDate":"2026-04-23T01:07:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"844fb0db-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31507","version":1.1,"revisionDate":"2026-04-23T14:39:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ce1caa26-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31507","version":2,"revisionDate":"2026-04-24T01:38:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"146c4b3a-7e3f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31507","version":4,"revisionDate":"2026-04-30T01:11:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d89ed67c-3144-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00000e946ce8","releaseDate":"2026-04-23T01:07:48-07:00","cveNumber":"CVE-2026-31448","cveTitle":"ext4: avoid infinite loops caused by residual data","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:42:49-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31448","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31448","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31448","version":1.1,"revisionDate":"2026-04-23T14:38:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4b147d25-223f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31448","version":1,"revisionDate":"2026-04-23T01:07:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"28afeed4-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31448","version":2,"revisionDate":"2026-04-24T01:37:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"126c4b3a-7e3f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31448","version":3,"revisionDate":"2026-04-29T14:42:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"314fb7af-d943-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000034d27bb","releaseDate":"2026-04-23T01:07:43-07:00","cveNumber":"CVE-2026-31483","cveTitle":"s390/syscalls: Add spectre boundary for syscall dispatch table","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:10:57-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31483","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31483","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31483","version":2,"revisionDate":"2026-04-24T01:37:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"542adc36-7e3f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31483","version":3,"revisionDate":"2026-04-29T14:42:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ae8ba1a5-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31483","version":4,"revisionDate":"2026-04-30T01:10:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d748c170-3144-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31483","version":1,"revisionDate":"2026-04-23T01:07:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"23afeed4-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31483","version":1.1,"revisionDate":"2026-04-23T14:38:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"45f6af20-223f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000038367600","releaseDate":"2026-04-23T01:07:37-07:00","cveNumber":"CVE-2026-31495","cveTitle":"netfilter: ctnetlink: use netlink policy range checks","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:10:44-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31495","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31495","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31495","version":3,"revisionDate":"2026-04-29T14:42:15-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"df6dea9e-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31495","version":1,"revisionDate":"2026-04-23T01:07:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"40137dce-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31495","version":2,"revisionDate":"2026-04-23T14:38:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2bf6af20-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31495","version":4,"revisionDate":"2026-04-30T01:10:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"25907f69-3144-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000039367600","releaseDate":"2026-04-23T01:07:32-07:00","cveNumber":"CVE-2026-31485","cveTitle":"spi: spi-fsl-lpspi: fix teardown order issue (UAF)","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:10:31-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31485","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31485","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31485","version":3,"revisionDate":"2026-04-29T14:41:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a555df92-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31485","version":1,"revisionDate":"2026-04-23T01:07:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"36137dce-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31485","version":2,"revisionDate":"2026-04-23T14:38:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f577441a-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31485","version":4,"revisionDate":"2026-04-30T01:10:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"81e57463-3144-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000084d27bb","releaseDate":"2026-04-23T01:07:26-07:00","cveNumber":"CVE-2026-31433","cveTitle":"ksmbd: fix potencial OOB in get_file_all_info() for compound requests","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:45:42-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31433","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31433","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31433","version":3,"revisionDate":"2026-04-29T14:41:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"04129286-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31433","version":1,"revisionDate":"2026-04-23T01:07:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b8bdf9c7-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31433","version":2,"revisionDate":"2026-04-23T14:38:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ef77441a-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31433","version":4,"revisionDate":"2026-04-30T01:45:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"48805d4a-3644-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b1007e93","releaseDate":"2026-04-23T01:07:21-07:00","cveNumber":"CVE-2026-31519","cveTitle":"btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:10:13-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31519","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31519","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31519","version":2,"revisionDate":"2026-04-23T14:38:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"15a57317-223f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31519","version":3,"revisionDate":"2026-04-29T14:41:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0ee81d80-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31519","version":1,"revisionDate":"2026-04-23T01:07:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a3bdf9c7-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31519","version":4,"revisionDate":"2026-04-30T01:10:13-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"93d45f56-3144-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000073d0e920","releaseDate":"2026-04-23T01:07:04-07:00","cveNumber":"CVE-2026-31520","cveTitle":"HID: apple: avoid memory leak in apple_report_fixup()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:40:47-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31520","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31520","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31520","version":3,"revisionDate":"2026-04-29T14:40:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"00d05866-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31520","version":1,"revisionDate":"2026-04-23T01:07:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"893babb9-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31520","version":2,"revisionDate":"2026-04-23T14:38:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"34a62b0d-223f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d8aa1da3","releaseDate":"2026-04-23T01:06:58-07:00","cveNumber":"CVE-2026-31446","cveTitle":"ext4: fix use-after-free in update_super_work when racing with umount","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:40:33-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31446","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31446","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31446","version":1,"revisionDate":"2026-04-23T01:06:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c6ec87b5-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31446","version":2,"revisionDate":"2026-04-23T14:38:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a1940107-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31446","version":3,"revisionDate":"2026-04-29T14:40:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7910645d-d943-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00004c752536","releaseDate":"2026-04-23T01:06:53-07:00","cveNumber":"CVE-2026-31518","cveTitle":"esp: fix skb leak with espintcp and async crypto","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:09:33-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31518","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31518","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31518","version":3,"revisionDate":"2026-04-29T14:40:18-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a0045a59-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31518","version":1,"revisionDate":"2026-04-23T01:06:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c695f8b2-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31518","version":2,"revisionDate":"2026-04-23T14:37:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4171d800-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31518","version":4,"revisionDate":"2026-04-30T01:09:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ed00943d-3144-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000068d87f18","releaseDate":"2026-04-23T01:06:47-07:00","cveNumber":"CVE-2026-31482","cveTitle":"s390/entry: Scrub r12 register on kernel entry","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:44:39-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31482","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31482","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31482","version":1,"revisionDate":"2026-04-23T01:06:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b4a401af-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31482","version":2,"revisionDate":"2026-04-23T14:37:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3971d800-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31482","version":3,"revisionDate":"2026-04-29T14:40:02-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4726ba4e-d943-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31482","version":4,"revisionDate":"2026-04-30T01:44:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2df9d528-3644-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a1c1ce5d","releaseDate":"2026-04-23T01:06:36-07:00","cveNumber":"CVE-2026-31454","cveTitle":"xfs: save ailp before dropping the AIL lock in push callbacks","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:39:34-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31454","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31454","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31454","version":2,"revisionDate":"2026-04-23T14:37:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7cf423fc-213f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31454","version":3,"revisionDate":"2026-04-29T14:39:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"00e9863d-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31454","version":1,"revisionDate":"2026-04-23T01:06:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3524a6ac-b03e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000074d0e920","releaseDate":"2026-04-23T01:06:31-07:00","cveNumber":"CVE-2026-31510","cveTitle":"Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:08:58-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31510","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31510","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31510","version":1,"revisionDate":"2026-04-23T01:06:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3177a7a7-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31510","version":3,"revisionDate":"2026-04-29T14:39:18-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"827db730-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31510","version":2,"revisionDate":"2026-04-23T14:37:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5e1ba9f3-213f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31510","version":4,"revisionDate":"2026-04-30T01:08:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4b69b92c-3144-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a708148b","releaseDate":"2026-04-23T01:06:25-07:00","cveNumber":"CVE-2026-31469","cveTitle":"virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:39:02-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31469","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31469","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31469","version":1,"revisionDate":"2026-04-23T01:06:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a871aea6-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31469","version":2,"revisionDate":"2026-04-23T14:37:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"521ba9f3-213f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31469","version":3,"revisionDate":"2026-04-29T14:39:02-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f4b42128-d943-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d163d875","releaseDate":"2026-04-23T01:06:20-07:00","cveNumber":"CVE-2026-31441","cveTitle":"dmaengine: idxd: Fix memory leak when a wq is reset","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:38:46-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31441","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31441","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31441","version":2,"revisionDate":"2026-04-23T14:37:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a76d75ec-213f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31441","version":3,"revisionDate":"2026-04-29T14:38:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"28709a1d-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31441","version":1,"revisionDate":"2026-04-23T01:06:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"648bdc9f-b03e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a0c1ce5d","releaseDate":"2026-04-23T01:06:03-07:00","cveNumber":"CVE-2026-31464","cveTitle":"scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:44:02-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31464","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31464","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31464","version":1,"revisionDate":"2026-04-23T01:06:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f3069099-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31464","version":3,"revisionDate":"2026-04-29T15:02:23-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4609976b-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31464","version":2,"revisionDate":"2026-04-23T14:37:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1abb46e7-213f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31464","version":4,"revisionDate":"2026-04-30T01:44:02-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f8bad50e-3644-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00006e1fc545","releaseDate":"2026-04-23T01:05:41-07:00","cveNumber":"CVE-2026-31497","cveTitle":"Bluetooth: btusb: clamp SCO altsetting table indices","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:07:53-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31497","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31497","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31497","version":3,"revisionDate":"2026-04-29T15:01:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5c89535e-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31497","version":4,"revisionDate":"2026-04-30T01:07:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a9c24305-3144-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31497","version":1,"revisionDate":"2026-04-23T01:05:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"22f72a8c-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31497","version":2,"revisionDate":"2026-04-23T14:43:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3a0b88cf-223f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00000e4591c3","releaseDate":"2026-04-23T01:05:36-07:00","cveNumber":"CVE-2026-31523","cveTitle":"nvme-pci: ensure we're polling a polled queue","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:07:37-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31523","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31523","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31523","version":1,"revisionDate":"2026-04-23T01:05:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"31059284-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31523","version":2,"revisionDate":"2026-04-23T14:43:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"406d78c8-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31523","version":3,"revisionDate":"2026-04-29T15:01:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2cdd7757-dc43-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31523","version":4,"revisionDate":"2026-04-30T01:07:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d4b419f6-3044-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000e1a287ab","releaseDate":"2026-04-23T01:05:25-07:00","cveNumber":"CVE-2026-31504","cveTitle":"net: fix fanout UAF in packet_release() via NETDEV_UP race","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:07:11-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31504","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31504","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31504","version":3,"revisionDate":"2026-04-29T15:01:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8f042652-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31504","version":4,"revisionDate":"2026-04-30T01:07:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2088ffeb-3044-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31504","version":1,"revisionDate":"2026-04-23T01:05:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9da3fc7e-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31504","version":2,"revisionDate":"2026-04-23T14:43:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e40f63c2-223f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00000d946ce8","releaseDate":"2026-04-23T01:05:19-07:00","cveNumber":"CVE-2026-31458","cveTitle":"mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0]","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T15:01:29-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31458","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31458","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31458","version":3,"revisionDate":"2026-04-29T15:01:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f78be14b-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31458","version":1,"revisionDate":"2026-04-23T01:05:19-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8ea3fc7e-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31458","version":2,"revisionDate":"2026-04-23T14:43:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d80f63c2-223f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00009fc1ce5d","releaseDate":"2026-04-23T01:05:14-07:00","cveNumber":"CVE-2026-31474","cveTitle":"can: isotp: fix tx.buf use-after-free in isotp_sendmsg()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T15:01:21-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31474","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31474","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31474","version":3,"revisionDate":"2026-04-29T15:01:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"62a6ad44-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31474","version":1,"revisionDate":"2026-04-23T01:05:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f82dd178-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31474","version":2,"revisionDate":"2026-04-23T14:43:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0d4950bc-223f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d5aa1da3","releaseDate":"2026-04-23T01:04:46-07:00","cveNumber":"CVE-2026-31476","cveTitle":"ksmbd: do not expire session on binding failure","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:53:14-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31476","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31476","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31476","version":3,"revisionDate":"2026-04-29T01:01:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"94b951fa-6643-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31476","version":1,"revisionDate":"2026-04-23T01:04:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"18ea866b-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31476","version":2,"revisionDate":"2026-04-23T14:42:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b1ec56b0-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31476","version":4,"revisionDate":"2026-04-29T15:00:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2984b530-dc43-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31476","version":5,"revisionDate":"2026-04-30T01:53:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"28144459-3744-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00003c367600","releaseDate":"2026-04-23T01:04:40-07:00","cveNumber":"CVE-2026-31455","cveTitle":"xfs: stop reclaim before pushing AIL during unmount","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T15:00:36-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31455","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31455","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31455","version":1,"revisionDate":"2026-04-23T01:04:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ed62f964-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31455","version":2,"revisionDate":"2026-04-23T14:42:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"89305aaa-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31455","version":3,"revisionDate":"2026-04-29T15:00:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"113c902a-dc43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00006bd87f18","releaseDate":"2026-04-23T01:04:35-07:00","cveNumber":"CVE-2026-31452","cveTitle":"ext4: convert inline data to extents when truncate exceeds inline size","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T15:00:27-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31452","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31452","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31452","version":3,"revisionDate":"2026-04-29T15:00:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6dd98c26-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31452","version":1,"revisionDate":"2026-04-23T01:04:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e062f964-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31452","version":2,"revisionDate":"2026-04-23T14:42:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7b305aaa-223f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000452ee008","releaseDate":"2026-04-23T01:04:29-07:00","cveNumber":"CVE-2026-31515","cveTitle":"af_key: validate families in pfkey_send_migrate()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:05:39-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31515","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31515","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31515","version":3,"revisionDate":"2026-04-29T15:00:17-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9be47d20-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31515","version":1,"revisionDate":"2026-04-23T01:04:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"daf0645e-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31515","version":2,"revisionDate":"2026-04-23T14:42:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"222f62a4-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31515","version":4,"revisionDate":"2026-04-30T01:05:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c88ae5b5-3044-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d3aa1da3","releaseDate":"2026-04-23T01:04:24-07:00","cveNumber":"CVE-2026-31496","cveTitle":"netfilter: nf_conntrack_expect: skip expectations in other netns via proc","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:05:23-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31496","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31496","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31496","version":3,"revisionDate":"2026-04-29T15:00:08-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bf3d9419-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31496","version":1,"revisionDate":"2026-04-23T01:04:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d1f0645e-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31496","version":2,"revisionDate":"2026-04-23T14:42:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1d2f62a4-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31496","version":4,"revisionDate":"2026-04-30T01:05:23-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a142b3a8-3044-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000dfa287ab","releaseDate":"2026-04-23T01:04:07-07:00","cveNumber":"CVE-2026-31524","cveTitle":"HID: asus: avoid memory leak in asus_report_fixup()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:04:37-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31524","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31524","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31524","version":1,"revisionDate":"2026-04-23T01:04:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e51e6c51-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31524","version":2,"revisionDate":"2026-04-23T14:42:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3eab5397-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31524","version":3,"revisionDate":"2026-04-29T14:59:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a9fc160c-dc43-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31524","version":4,"revisionDate":"2026-04-30T01:04:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0474828f-3044-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000fb48609e","releaseDate":"2026-04-23T01:04:01-07:00","cveNumber":"CVE-2026-40890","cveTitle":"github.com/gomarkdown/markdown: Out-of-bounds Read in SmartypantsRenderer","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:44:48-07:00","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"mitreText":"CVE-2026-40890","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40890","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-40890","version":1,"revisionDate":"2026-04-23T01:04:01-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8af1d24c-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-40890","version":2,"revisionDate":"2026-04-24T14:44:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d9bd1025-ec3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00002f011aea","releaseDate":"2026-04-23T01:03:37-07:00","cveNumber":"CVE-2026-40706","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:45:04-07:00","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"mitreText":"CVE-2026-40706","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40706","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"mitre","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"8.4","temporalScore":"8.4","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"mitre","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-40706","version":1,"revisionDate":"2026-04-23T01:03:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d6468e3e-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-40706","version":2,"revisionDate":"2026-04-24T01:04:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c99cb39a-793f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-40706","version":3,"revisionDate":"2026-04-24T14:45:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fc0d7b2c-ec3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000098d01889","releaseDate":"2026-04-23T01:03:30-07:00","cveNumber":"CVE-2026-22015","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:44:41-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-22015","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-22015","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.3","temporalScore":"4.3","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-22015","version":1,"revisionDate":"2026-04-23T01:03:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ca468e3e-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-22015","version":2,"revisionDate":"2026-04-24T01:03:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8823da69-793f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-22015","version":3,"revisionDate":"2026-04-24T14:44:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dc30911e-ec3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000f362c8d0","releaseDate":"2026-04-23T01:03:25-07:00","cveNumber":"CVE-2026-35236","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:44:31-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-35236","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35236","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.9","temporalScore":"4.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-35236","version":1,"revisionDate":"2026-04-23T01:03:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6ceae437-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-35236","version":2,"revisionDate":"2026-04-24T01:04:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c9366588-793f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-35236","version":3,"revisionDate":"2026-04-24T14:44:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a5ea8d18-ec3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00009c1eb5a0","releaseDate":"2026-04-23T01:03:19-07:00","cveNumber":"CVE-2026-35240","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:44:20-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-35240","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35240","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.9","temporalScore":"4.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-35240","version":1,"revisionDate":"2026-04-23T01:03:19-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"66eae437-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-35240","version":2,"revisionDate":"2026-04-24T01:04:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8dc48a94-793f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-35240","version":3,"revisionDate":"2026-04-24T14:44:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6e6ef311-ec3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000097d01889","releaseDate":"2026-04-23T01:03:14-07:00","cveNumber":"CVE-2026-22005","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:44:09-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-22005","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-22005","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.9","temporalScore":"4.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-22005","version":2,"revisionDate":"2026-04-24T01:03:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"aaafb863-793f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-22005","version":3,"revisionDate":"2026-04-24T14:44:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"13f3f50a-ec3f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-22005","version":1,"revisionDate":"2026-04-23T01:03:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7cae8e30-b03e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00003245c02b","releaseDate":"2026-04-23T01:03:08-07:00","cveNumber":"CVE-2026-22004","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:43:58-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-22004","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-22004","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.9","temporalScore":"4.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-22004","version":1,"revisionDate":"2026-04-23T01:03:08-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e9ae722c-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-22004","version":2,"revisionDate":"2026-04-24T01:03:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"02839a60-793f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-22004","version":3,"revisionDate":"2026-04-24T14:43:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"946b0505-ec3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000003a3b613","releaseDate":"2026-04-23T01:03:03-07:00","cveNumber":"CVE-2026-22001","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:43:47-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-22001","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-22001","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"2.7","temporalScore":"2.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-22001","version":1,"revisionDate":"2026-04-23T01:03:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dbae722c-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-22001","version":3,"revisionDate":"2026-04-24T14:43:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4419a400-ec3f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-22001","version":2,"revisionDate":"2026-04-24T01:03:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e78c7d5a-793f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00001863c8d0","releaseDate":"2026-04-23T01:02:57-07:00","cveNumber":"CVE-2026-34276","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:43:36-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-34276","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34276","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34276","version":2,"revisionDate":"2026-04-24T01:03:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b6b42e79-793f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34276","version":1,"revisionDate":"2026-04-23T01:02:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b9f4962a-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34276","version":3,"revisionDate":"2026-04-24T14:43:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"857cb2f7-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000862dd063","releaseDate":"2026-04-23T01:02:51-07:00","cveNumber":"CVE-2026-34304","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:43:25-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-34304","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34304","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.9","temporalScore":"4.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34304","version":1,"revisionDate":"2026-04-23T01:02:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1d1f5424-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34304","version":2,"revisionDate":"2026-04-24T01:04:18-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2d0b5c85-793f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34304","version":3,"revisionDate":"2026-04-24T14:43:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e7a679f1-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000caa4a903","releaseDate":"2026-04-23T01:02:46-07:00","cveNumber":"CVE-2026-34308","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:43:14-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-34308","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34308","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34308","version":1,"revisionDate":"2026-04-23T01:02:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a1171b24-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34308","version":2,"revisionDate":"2026-04-24T01:04:23-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c7366588-793f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34308","version":3,"revisionDate":"2026-04-24T14:43:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"27bb80eb-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000021a27706","releaseDate":"2026-04-23T01:02:40-07:00","cveNumber":"CVE-2026-34303","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:42:59-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-34303","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34303","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34303","version":1,"revisionDate":"2026-04-23T01:02:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"64fe791c-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34303","version":2,"revisionDate":"2026-04-24T01:04:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"69c94382-793f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34303","version":3,"revisionDate":"2026-04-24T14:42:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8d20c6e4-eb3f-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000b2d76f73","releaseDate":"2026-04-23T01:02:35-07:00","cveNumber":"CVE-2026-34267","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:42:48-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-34267","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34267","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.9","temporalScore":"4.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34267","version":1,"revisionDate":"2026-04-23T01:02:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5afe791c-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34267","version":2,"revisionDate":"2026-04-24T01:03:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"140eee6c-793f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34267","version":3,"revisionDate":"2026-04-24T14:42:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4b14bed8-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00006dc3f0b5","releaseDate":"2026-04-23T01:02:29-07:00","cveNumber":"CVE-2026-35238","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:42:37-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-35238","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35238","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.9","temporalScore":"4.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-35238","version":1,"revisionDate":"2026-04-23T01:02:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a66afe15-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-35238","version":2,"revisionDate":"2026-04-24T01:04:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b8154c90-793f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-35238","version":3,"revisionDate":"2026-04-24T14:42:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"557052d2-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000ceb967ce","releaseDate":"2026-04-23T01:02:24-07:00","cveNumber":"CVE-2026-22017","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:42:26-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-22017","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-22017","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-22017","version":3,"revisionDate":"2026-04-24T14:42:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e02c7fd0-eb3f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-22017","version":1,"revisionDate":"2026-04-23T01:02:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2c53db16-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-22017","version":2,"revisionDate":"2026-04-24T01:03:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"120eee6c-793f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d400adfb","releaseDate":"2026-04-23T01:02:18-07:00","cveNumber":"CVE-2026-22002","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:42:15-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-22002","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-22002","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.9","temporalScore":"4.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-22002","version":2,"revisionDate":"2026-04-24T01:03:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"babf925d-793f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-22002","version":3,"revisionDate":"2026-04-24T14:42:15-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d2e252c5-eb3f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-22002","version":1,"revisionDate":"2026-04-23T01:02:18-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"315d960e-b03e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000055935c43","releaseDate":"2026-04-23T01:02:13-07:00","cveNumber":"CVE-2026-34271","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:42:04-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-34271","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34271","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34271","version":1,"revisionDate":"2026-04-23T01:02:13-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3cec9b0d-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34271","version":2,"revisionDate":"2026-04-24T01:03:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b5c96e70-793f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34271","version":3,"revisionDate":"2026-04-24T14:42:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c318afbe-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000015aa0dfe","releaseDate":"2026-04-23T01:02:07-07:00","cveNumber":"CVE-2026-34293","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:41:53-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-34293","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34293","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.9","temporalScore":"4.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34293","version":1,"revisionDate":"2026-04-23T01:02:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f0815a08-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34293","version":2,"revisionDate":"2026-04-24T01:04:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a34e3d7c-793f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34293","version":3,"revisionDate":"2026-04-24T14:41:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"187ad9b7-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000ba1eb5a0","releaseDate":"2026-04-23T01:02:02-07:00","cveNumber":"CVE-2026-34270","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:41:42-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-34270","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34270","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34270","version":1,"revisionDate":"2026-04-23T01:02:02-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e3406a06-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34270","version":2,"revisionDate":"2026-04-24T01:03:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"af900873-793f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34270","version":3,"revisionDate":"2026-04-24T14:41:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"371478b1-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000db47f228","releaseDate":"2026-04-23T01:01:56-07:00","cveNumber":"CVE-2026-22009","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:41:31-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-22009","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-22009","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-22009","version":1,"revisionDate":"2026-04-23T01:01:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cb406a06-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-22009","version":2,"revisionDate":"2026-04-24T01:03:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4d05d266-793f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-22009","version":3,"revisionDate":"2026-04-24T14:41:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dd6503ab-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00008ed76f73","releaseDate":"2026-04-23T01:01:51-07:00","cveNumber":"CVE-2026-35237","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:41:20-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-35237","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35237","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.9","temporalScore":"4.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-35237","version":2,"revisionDate":"2026-04-24T01:04:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6732838e-793f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-35237","version":1,"revisionDate":"2026-04-23T01:01:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c0493a02-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-35237","version":3,"revisionDate":"2026-04-24T14:41:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d5b386a4-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000fd835fbc","releaseDate":"2026-04-23T01:01:45-07:00","cveNumber":"CVE-2026-21998","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:41:09-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-21998","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-21998","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.9","temporalScore":"4.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-21998","version":1,"revisionDate":"2026-04-23T01:01:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0e15ceff-af3e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-21998","version":2,"revisionDate":"2026-04-24T01:03:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dfaf6857-793f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-21998","version":3,"revisionDate":"2026-04-24T14:41:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"80cef99d-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000008389858","releaseDate":"2026-04-23T01:01:40-07:00","cveNumber":"CVE-2026-35239","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:40:58-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-35239","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35239","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.9","temporalScore":"4.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-35239","version":1,"revisionDate":"2026-04-23T01:01:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"79661bf9-af3e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-35239","version":2,"revisionDate":"2026-04-24T01:04:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8bc48a94-793f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-35239","version":3,"revisionDate":"2026-04-24T14:40:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"17da7f97-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000092c3f0b5","releaseDate":"2026-04-23T01:01:34-07:00","cveNumber":"CVE-2026-34278","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:40:47-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-34278","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34278","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.9","temporalScore":"4.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34278","version":1,"revisionDate":"2026-04-23T01:01:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"890e6ff3-af3e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34278","version":2,"revisionDate":"2026-04-24T01:04:02-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"984e3d7c-793f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34278","version":3,"revisionDate":"2026-04-24T14:40:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"479f7f91-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00004733734d","releaseDate":"2026-04-22T01:01:51-07:00","cveNumber":"CVE-2026-5958","cveTitle":"Race Condition in GNU Sed","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:59:34-07:00","cweList":["CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition"],"cweDetailsListForSearch":["cwe: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition","cweUrl: https://cwe.mitre.org/data/definitions/367.html"],"mitreText":"CVE-2026-5958","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5958","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"CERT-PL","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition","https://cwe.mitre.org/data/definitions/367.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-5958","version":3,"revisionDate":"2026-04-29T14:59:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b1f37806-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-5958","version":1,"revisionDate":"2026-04-22T01:01:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"44d1dcd5-e63d-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-5958","version":2,"revisionDate":"2026-04-24T01:41:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"13eacbb7-7e3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000aab35f96","releaseDate":"2026-04-21T07:00:00-07:00","cveNumber":"CVE-2026-40372","cveTitle":"ASP.NET Core Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-28T07:00:00-07:00","description":"<p>Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.</p>\n","cweList":["CWE-347: Improper Verification of Cryptographic Signature"],"cweDetailsListForSearch":["cwe: CWE-347: Improper Verification of Cryptographic Signature","cweUrl: https://cwe.mitre.org/data/definitions/347.html"],"unformattedDescription":"Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.","mitreText":"CVE-2026-40372","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40372","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"ASP.NET Core","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"9.1","temporalScore":"7.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-347: Improper Verification of Cryptographic Signature","https://cwe.mitre.org/data/definitions/347.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"title":"FAQ-Reference-CVE-2026-40372","articleType":"FAQ","description":"<p><strong>How do I know if I'm affected?</strong></p>\n<p>You are affected if all three of the following are true:</p>\n<ol>\n<li>Your application uses Microsoft.AspNetCore.DataProtection 10.0.6 from NuGet (directly, or through a package that depends on it such as Microsoft.AspNetCore.DataProtection.StackExchangeRedis).</li>\n<li>The NuGet copy of the library was actually loaded at runtime \u2014 not the shared framework copy. This typically means you deploy self-contained, or your installed shared framework is older than the NuGet package version.</li>\n<li>Your application runs on Linux, macOS, or another non-Windows OS.</li>\n</ol>\n<p>How do I determine if the vulnerable binary was loaded?</p>\n<p>Check application logs. The clearest symptom is users being logged out and repeated &quot;The payload was invalid&quot; errors in your logs after upgrading to 10.0.6.\nCheck your project file. Look for a PackageReference to Microsoft.AspNetCore.DataProtection version 10.0.6 in your .csproj file (or in a package that depends on it). You can also run dotnet list package to see resolved package versions.</p>\n<p>Inspect the binary on disk. See [https://file+.vscode-resource.vscode-cdn.net/c%3A/Users/shalter/Downloads/advisory-upd-1.md#technical-details]Technical details for how to distinguish the affected NuGet binary from the correct shared framework binary by file size.</p>\n<p><strong>Additional information</strong></p>\n<p>Shared framework deployments are not affected. If your application runs framework-dependent and the installed ASP.NET Core shared framework version is \u2265 your Microsoft.AspNetCore.DataProtection PackageReference version, the correct shared framework binary is loaded and the NuGet binary is never used.</p>\n<p>Windows deployments are not affected. On Windows, DataProtection uses CNG-based encryptors by default, which do not contain this bug. 8.0.x and 9.0.x packages are not affected. The defective code path was introduced during 10.0 development and was never backported.</p>\n<p>Windows with managed algorithms: If you run on Windows but explicitly opted into managed algorithms via UseCustomCryptographicAlgorithms, you are also affected.\nOlder target frameworks: A smaller population running net462 / netstandard2.0 with Microsoft.AspNetCore.DataProtection 10.0.0\u201310.0.6 is affected on all operating systems. See [https://file+.vscode-resource.vscode-cdn.net/c%3A/Users/shalter/Downloads/advisory-upd-1.md#technical-details]Technical details for specifics.</p>\n<p><a href=\"https://github.com/dotnet/announcements/issues/395\">https://github.com/dotnet/announcements/issues/395</a></p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and integrity (I:H), but could lead to no loss of availability (A:N). What does that mean for this vulnerability?</strong></p>\n<p>Exploiting this vulnerability could allow an attacker to disclose files and modify data, but the attacker cannot impact the availability of the system.</p>\n","ordinal":10000},{"title":"ASP.NET Core Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Improper verification of cryptographic signature in ASP.NET Core allows an authorized attacker to elevate privileges over a network.</p>\n","ordinal":10000},{"title":"ASP.NET Core Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40372","version":1,"revisionDate":"2026-04-21T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d6323d3f-743a-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-40372","version":2,"revisionDate":"2026-04-28T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>This CVE has been updated to include the Visual Studios 2026 18.5 as an Affected Software</p>\n","unformattedDescription":"This CVE has been updated to include the Visual Studios 2026 18.5 as an Affected Software","notificationNeeded":false,"notificationSent":false,"sourceId":"f9f0ac17-2943-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00007ccb217d","releaseDate":"2026-04-21T01:01:24-07:00","cveNumber":"CVE-2026-41254","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:59:03-07:00","cweList":["CWE-696: Incorrect Behavior Order"],"cweDetailsListForSearch":["cwe: CWE-696: Incorrect Behavior Order","cweUrl: https://cwe.mitre.org/data/definitions/696.html"],"mitreText":"CVE-2026-41254","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41254","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"mitre","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.0","temporalScore":"4.0","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L","vectorStringSource":"mitre","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-696: Incorrect Behavior Order","https://cwe.mitre.org/data/definitions/696.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-41254","version":2,"revisionDate":"2026-04-29T01:41:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cadbd98a-6c43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-41254","version":1,"revisionDate":"2026-04-21T01:01:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f5d08398-1d3d-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-41254","version":3,"revisionDate":"2026-04-29T14:59:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4cebedf6-db43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000076d67c65","releaseDate":"2026-04-19T01:01:39-07:00","cveNumber":"CVE-2026-5160","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:58:47-07:00","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html"],"mitreText":"CVE-2026-5160","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5160","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"snyk","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.1","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","vectorStringSource":"snyk","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-5160","version":1,"revisionDate":"2026-04-19T01:01:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"22cbab50-8b3b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-5160","version":3,"revisionDate":"2026-04-22T14:39:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f8694403-593e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-5160","version":4,"revisionDate":"2026-04-23T01:38:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"44e91632-b53e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-5160","version":2,"revisionDate":"2026-04-20T14:39:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"286987b9-c63c-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-5160","version":5,"revisionDate":"2026-04-29T14:58:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"40e39ce8-db43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00004c2aaa7b","releaseDate":"2026-04-18T01:02:04-07:00","cveNumber":"CVE-2025-70873","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:40:34-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2025-70873","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2025-70873","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"mitre","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","vectorStringSource":"CISA ADP","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2025-70873","version":1,"revisionDate":"2026-04-18T01:02:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d1586835-c23a-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2025-70873","version":2,"revisionDate":"2026-04-18T14:41:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"930326aa-343b-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2025-70873","version":3,"revisionDate":"2026-04-24T14:40:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3557848b-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d5560e73","releaseDate":"2026-04-18T01:01:50-07:00","cveNumber":"CVE-2026-27820","cveTitle":"zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:50:27-07:00","cweList":["CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"],"cweDetailsListForSearch":["cwe: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')","cweUrl: https://cwe.mitre.org/data/definitions/120.html"],"mitreText":"CVE-2026-27820","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27820","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')","https://cwe.mitre.org/data/definitions/120.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-27820","version":2,"revisionDate":"2026-04-23T01:11:19-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"19de7950-b13e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-27820","version":1,"revisionDate":"2026-04-18T01:01:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2d93bf28-c23a-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-27820","version":3,"revisionDate":"2026-04-23T14:40:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fecaab6c-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-27820","version":4,"revisionDate":"2026-04-29T14:50:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9a64b1c4-da43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000040beba7e","releaseDate":"2026-04-17T07:00:59-07:00","cveNumber":"CVE-2026-6307","cveTitle":"Chromium: CVE-2026-6307 Type Confusion in Turbofan","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:59-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6307","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6307","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6307","version":1,"revisionDate":"2026-04-17T07:00:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"1063b2c2-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000041beba7e","releaseDate":"2026-04-17T07:00:58-07:00","cveNumber":"CVE-2026-6306","cveTitle":"Chromium: CVE-2026-6306 Heap buffer overflow in PDFium","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:58-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6306","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6306","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6306","version":1,"revisionDate":"2026-04-17T07:00:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"fe62b2c2-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00003ebeba7e","releaseDate":"2026-04-17T07:00:57-07:00","cveNumber":"CVE-2026-6305","cveTitle":"Chromium: CVE-2026-6305 Heap buffer overflow in PDFium","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:57-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6305","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6305","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6305","version":1,"revisionDate":"2026-04-17T07:00:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"e862b2c2-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00003fbeba7e","releaseDate":"2026-04-17T07:00:56-07:00","cveNumber":"CVE-2026-6304","cveTitle":"Chromium: CVE-2026-6304 Use after free in Graphite","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:56-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6304","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6304","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6304","version":1,"revisionDate":"2026-04-17T07:00:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"d662b2c2-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000044beba7e","releaseDate":"2026-04-17T07:00:55-07:00","cveNumber":"CVE-2026-6303","cveTitle":"Chromium: CVE-2026-6303 Use after free in Codecs","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:55-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6303","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6303","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6303","version":1,"revisionDate":"2026-04-17T07:00:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"fb26b7bc-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000045beba7e","releaseDate":"2026-04-17T07:00:54-07:00","cveNumber":"CVE-2026-6302","cveTitle":"Chromium: CVE-2026-6302 Use after free in Video","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:54-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6302","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6302","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6302","version":1,"revisionDate":"2026-04-17T07:00:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"e926b7bc-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000042beba7e","releaseDate":"2026-04-17T07:00:53-07:00","cveNumber":"CVE-2026-6301","cveTitle":"Chromium: CVE-2026-6301 Type Confusion in Turbofan","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:53-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6301","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6301","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6301","version":1,"revisionDate":"2026-04-17T07:00:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"d726b7bc-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000043beba7e","releaseDate":"2026-04-17T07:00:52-07:00","cveNumber":"CVE-2026-6300","cveTitle":"Chromium: CVE-2026-6300 Use after free in CSS","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:52-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6300","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6300","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6300","version":1,"revisionDate":"2026-04-17T07:00:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"c126b7bc-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000098ee4ef1","releaseDate":"2026-04-17T07:00:51-07:00","cveNumber":"CVE-2026-6299","cveTitle":"Chromium: CVE-2026-6299 Use after free in Prerender","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:51-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6299","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6299","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6299","version":1,"revisionDate":"2026-04-17T07:00:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"af26b7bc-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000097ee4ef1","releaseDate":"2026-04-17T07:00:50-07:00","cveNumber":"CVE-2026-6298","cveTitle":"Chromium: CVE-2026-6298 Heap buffer overflow in Skia","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:50-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6298","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6298","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6298","version":1,"revisionDate":"2026-04-17T07:00:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"9926b7bc-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00009eee4ef1","releaseDate":"2026-04-17T07:00:49-07:00","cveNumber":"CVE-2026-6297","cveTitle":"Chromium: CVE-2026-6297 Use after free in Proxy","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:49-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6297","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6297","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6297","version":1,"revisionDate":"2026-04-17T07:00:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"8726b7bc-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00009dee4ef1","releaseDate":"2026-04-17T07:00:46-07:00","cveNumber":"CVE-2026-6296","cveTitle":"Chromium: CVE-2026-6296 Heap buffer overflow in ANGLE","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:46-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6296","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6296","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6296","version":1,"revisionDate":"2026-04-17T07:00:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7326b7bc-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000e179a74e","releaseDate":"2026-04-17T07:00:14-07:00","cveNumber":"CVE-2026-6364","cveTitle":"Chromium: CVE-2026-6364 Out of bounds read in Skia","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:14-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6364","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6364","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6364","version":1,"revisionDate":"2026-04-17T07:00:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"c326afc8-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000e679a74e","releaseDate":"2026-04-17T07:00:13-07:00","cveNumber":"CVE-2026-6363","cveTitle":"Chromium: CVE-2026-6363 Type Confusion in V8","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:13-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6363","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6363","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6363","version":1,"revisionDate":"2026-04-17T07:00:13-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"b126afc8-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000e779a74e","releaseDate":"2026-04-17T07:00:12-07:00","cveNumber":"CVE-2026-6362","cveTitle":"Chromium: CVE-2026-6362 Use after free in Codecs","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:12-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6362","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6362","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6362","version":1,"revisionDate":"2026-04-17T07:00:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"9f26afc8-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000e479a74e","releaseDate":"2026-04-17T07:00:11-07:00","cveNumber":"CVE-2026-6361","cveTitle":"Chromium: CVE-2026-6361 Heap buffer overflow in PDFium","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:11-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6361","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6361","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6361","version":1,"revisionDate":"2026-04-17T07:00:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"8926afc8-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000e579a74e","releaseDate":"2026-04-17T07:00:10-07:00","cveNumber":"CVE-2026-6360","cveTitle":"Chromium: CVE-2026-6360 Use after free in FileSystem","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:10-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6360","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6360","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6360","version":1,"revisionDate":"2026-04-17T07:00:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7726afc8-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000a04913dc","releaseDate":"2026-04-17T07:00:09-07:00","cveNumber":"CVE-2026-6318","cveTitle":"Chromium: CVE-2026-6318 Use after free in Codecs","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:09-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6318","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6318","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6318","version":1,"revisionDate":"2026-04-17T07:00:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"4f26afc8-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00000b1cb166","releaseDate":"2026-04-17T07:00:09-07:00","cveNumber":"CVE-2026-6359","cveTitle":"Chromium: CVE-2026-6359 Use after free in Video","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:09-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6359","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6359","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6359","version":1,"revisionDate":"2026-04-17T07:00:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"6126afc8-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000a54913dc","releaseDate":"2026-04-17T07:00:08-07:00","cveNumber":"CVE-2026-6317","cveTitle":"Chromium: CVE-2026-6317 Use after free in Cast","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:08-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6317","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6317","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6317","version":1,"revisionDate":"2026-04-17T07:00:08-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"3d26afc8-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000a64913dc","releaseDate":"2026-04-17T07:00:06-07:00","cveNumber":"CVE-2026-6316","cveTitle":"Chromium: CVE-2026-6316 Use after free in Forms","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:06-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6316","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6316","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6316","version":1,"revisionDate":"2026-04-17T07:00:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"2726afc8-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000a44913dc","releaseDate":"2026-04-17T07:00:05-07:00","cveNumber":"CVE-2026-6314","cveTitle":"Chromium: CVE-2026-6314 Out of bounds write in GPU","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:05-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6314","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6314","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6314","version":1,"revisionDate":"2026-04-17T07:00:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"1526afc8-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000aa4913dc","releaseDate":"2026-04-17T07:00:04-07:00","cveNumber":"CVE-2026-6312","cveTitle":"Chromium: CVE-2026-6312 Insufficient policy enforcement in Passwords","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:04-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6312","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6312","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6312","version":1,"revisionDate":"2026-04-17T07:00:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7263b2c2-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000a94913dc","releaseDate":"2026-04-17T07:00:04-07:00","cveNumber":"CVE-2026-6313","cveTitle":"Chromium: CVE-2026-6313 Insufficient policy enforcement in CORS","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:04-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6313","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6313","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6313","version":1,"revisionDate":"2026-04-17T07:00:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"8463b2c2-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000a74913dc","releaseDate":"2026-04-17T07:00:03-07:00","cveNumber":"CVE-2026-6311","cveTitle":"Chromium: CVE-2026-6311 Uninitialized Use in Accessibility","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:03-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6311","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6311","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6311","version":1,"revisionDate":"2026-04-17T07:00:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"6063b2c2-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000a84913dc","releaseDate":"2026-04-17T07:00:02-07:00","cveNumber":"CVE-2026-6310","cveTitle":"Chromium: CVE-2026-6310 Use after free in Dawn","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:02-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6310","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6310","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6310","version":1,"revisionDate":"2026-04-17T07:00:02-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"4a63b2c2-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00003abeba7e","releaseDate":"2026-04-17T07:00:01-07:00","cveNumber":"CVE-2026-6309","cveTitle":"Chromium: CVE-2026-6309 Use after free in Viz","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:01-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6309","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6309","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6309","version":1,"revisionDate":"2026-04-17T07:00:01-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"3863b2c2-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00003bbeba7e","releaseDate":"2026-04-17T07:00:00-07:00","cveNumber":"CVE-2026-6308","cveTitle":"Chromium: CVE-2026-6308 Out of bounds read in Media","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:00-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6308","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6308","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6308","version":1,"revisionDate":"2026-04-17T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"2263b2c2-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000f645a376","releaseDate":"2026-04-17T01:02:19-07:00","cveNumber":"CVE-2026-39956","cveTitle":"jq: Missing runtime type checks for _strindices lead to crash and limited memory disclosure","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:40:26-07:00","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"mitreText":"CVE-2026-39956","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-39956","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.1","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-39956","version":1,"revisionDate":"2026-04-17T01:02:19-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"21622113-f939-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-39956","version":2,"revisionDate":"2026-04-18T14:41:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8fa082a6-343b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-39956","version":3,"revisionDate":"2026-04-24T14:40:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"06259584-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00002b08148b","releaseDate":"2026-04-17T01:01:59-07:00","cveNumber":"CVE-2026-35469","cveTitle":"SpdyStream: DOS on CRI","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T01:01:59-07:00","cweList":["CWE-770: Allocation of Resources Without Limits or Throttling"],"cweDetailsListForSearch":["cwe: CWE-770: Allocation of Resources Without Limits or Throttling","cweUrl: https://cwe.mitre.org/data/definitions/770.html"],"mitreText":"CVE-2026-35469","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35469","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-770: Allocation of Resources Without Limits or Throttling","https://cwe.mitre.org/data/definitions/770.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-35469","version":1,"revisionDate":"2026-04-17T01:01:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f45fa705-f939-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000d5acdaca","releaseDate":"2026-04-17T01:01:51-07:00","cveNumber":"CVE-2026-40164","cveTitle":"jq: Algorithmic complexity DoS via hardcoded MurmurHash3 seed","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:40:19-07:00","cweList":["CWE-328: Use of Weak Hash"],"cweDetailsListForSearch":["cwe: CWE-328: Use of Weak Hash","cweUrl: https://cwe.mitre.org/data/definitions/328.html"],"mitreText":"CVE-2026-40164","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40164","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-328: Use of Weak Hash","https://cwe.mitre.org/data/definitions/328.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-40164","version":1,"revisionDate":"2026-04-17T01:01:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2fb180ff-f839-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-40164","version":2,"revisionDate":"2026-04-18T14:41:13-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"88a082a6-343b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-40164","version":3,"revisionDate":"2026-04-24T14:40:19-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ef249584-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b7150f04","releaseDate":"2026-04-17T01:01:42-07:00","cveNumber":"CVE-2026-39979","cveTitle":"jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counted Buffers","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:40:12-07:00","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"mitreText":"CVE-2026-39979","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-39979","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-39979","version":1,"revisionDate":"2026-04-17T01:01:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1fb180ff-f839-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-39979","version":2,"revisionDate":"2026-04-18T14:41:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0cf193a2-343b-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-39979","version":3,"revisionDate":"2026-04-24T14:40:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6cfa677e-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00001b8bb6a6","releaseDate":"2026-04-17T01:01:34-07:00","cveNumber":"CVE-2026-33948","cveTitle":"jq: Embedded-NUL Truncation in CLI JSON Input Path Causes Prefix-Only Validation of Malformed Input","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:40:05-07:00","cweList":["CWE-170: Improper Null Termination"],"cweDetailsListForSearch":["cwe: CWE-170: Improper Null Termination","cweUrl: https://cwe.mitre.org/data/definitions/170.html"],"mitreText":"CVE-2026-33948","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33948","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-170: Improper Null Termination","https://cwe.mitre.org/data/definitions/170.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-33948","version":1,"revisionDate":"2026-04-17T01:01:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9a0d88f9-f839-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33948","version":2,"revisionDate":"2026-04-18T14:41:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d8a6569a-343b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33948","version":3,"revisionDate":"2026-04-24T14:40:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b80c2878-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000022d2fbd3","releaseDate":"2026-04-17T01:01:26-07:00","cveNumber":"CVE-2026-33947","cveTitle":"jq: Unbounded Recursion in jv_setpath(), jv_getpath() and delpaths_sorted()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:39:58-07:00","cweList":["CWE-674: Uncontrolled Recursion"],"cweDetailsListForSearch":["cwe: CWE-674: Uncontrolled Recursion","cweUrl: https://cwe.mitre.org/data/definitions/674.html"],"mitreText":"CVE-2026-33947","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33947","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.2","temporalScore":"6.2","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-674: Uncontrolled Recursion","https://cwe.mitre.org/data/definitions/674.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-33947","version":1,"revisionDate":"2026-04-17T01:01:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"be1d38f3-f839-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33947","version":2,"revisionDate":"2026-04-18T14:40:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d3a6569a-343b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33947","version":3,"revisionDate":"2026-04-24T14:39:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a70c2878-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00009344811e","releaseDate":"2026-04-17T01:01:17-07:00","cveNumber":"CVE-2026-32316","cveTitle":"jq: Integer overflow in jvp_string_append() allows Heap-based Buffer Overflow","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:39:51-07:00","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"mitreText":"CVE-2026-32316","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32316","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"8.2","temporalScore":"8.2","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-32316","version":1,"revisionDate":"2026-04-17T01:01:17-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c8b50eec-f839-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-32316","version":2,"revisionDate":"2026-04-18T14:40:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"50725494-343b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-32316","version":3,"revisionDate":"2026-04-24T14:39:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a62cf071-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000033935c43","releaseDate":"2026-04-15T01:05:07-07:00","cveNumber":"CVE-2026-35201","cveTitle":"Discount has an Out-of-bounds Read in rdiscount","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T01:40:21-07:00","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"mitreText":"CVE-2026-35201","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35201","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"5.9","temporalScore":"5.9","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-35201","version":1,"revisionDate":"2026-04-15T01:05:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bb20dc1f-6738-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-35201","version":3,"revisionDate":"2026-04-17T01:40:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"baed1e64-fe39-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-35201","version":2,"revisionDate":"2026-04-15T14:46:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6d9a33d0-d938-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000ff2de008","releaseDate":"2026-04-15T01:01:51-07:00","cveNumber":"CVE-2026-33555","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:57:49-07:00","cweList":["CWE-130: Improper Handling of Length Parameter Inconsistency"],"cweDetailsListForSearch":["cwe: CWE-130: Improper Handling of Length Parameter Inconsistency","cweUrl: https://cwe.mitre.org/data/definitions/130.html"],"mitreText":"CVE-2026-33555","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33555","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"mitre","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.0","temporalScore":"4.0","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N","vectorStringSource":"mitre","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-130: Improper Handling of Length Parameter Inconsistency","https://cwe.mitre.org/data/definitions/130.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-33555","version":2,"revisionDate":"2026-04-22T14:38:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dc43bdfc-583e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33555","version":3,"revisionDate":"2026-04-29T14:57:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2163f4c7-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33555","version":1,"revisionDate":"2026-04-15T01:01:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3877dbab-6638-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00008e4c1716","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32214","cveTitle":"Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.</p>\n","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"unformattedDescription":"Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-32214","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32214","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Universal Plug and Play (upnp.dll)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>\n<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is file content.</p>\n","ordinal":10000},{"title":"Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32214","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7b60b130-1c29-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000811ea5fb","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-33829","cveTitle":"Windows Snipping Tool Spoofing Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.</p>\n","cweList":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"],"cweDetailsListForSearch":["cwe: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweUrl: https://cwe.mitre.org/data/definitions/200.html"],"unformattedDescription":"Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-33829","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33829","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Snipping Tool","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000002,"severity":"Moderate","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"4.3","temporalScore":"3.8","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","https://cwe.mitre.org/data/definitions/200.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>\n<p>An attacker must induce the user into launching a crafted malicious link and confirming the launch of the Snipping Tool program.</p>\n","ordinal":10000},{"title":"Windows Snipping Tool Spoofing Vulnerability","articleType":"100000000","description":"<p>Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p>\n<p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>How could an attacker exploit this vulnerability?</strong></p>\n<p>An attacker could induce the user into clicking a specially crafted link in a Web browser or other URL source, by embedding it in a Web page or email message. If the user approves the launching of the link, the crafted URL can induce the computer to connect to an SMB server of the attacker\u2019s choosing, which would disclose the user\u2019s NTLMv2 hash to the attacker, who could use this to authenticate as the user.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33829","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"539880e2-f431-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000527c9be3","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-33824","cveTitle":"Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.</p>\n","cweList":["CWE-415: Double Free"],"cweDetailsListForSearch":["cwe: CWE-415: Double Free","cweUrl: https://cwe.mitre.org/data/definitions/415.html"],"unformattedDescription":"Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-33824","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33824","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows IKE Extension","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"9.8","temporalScore":"8.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-415: Double Free","https://cwe.mitre.org/data/definitions/415.html"]}],"articles":[{"title":"Windows IKE Extension Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>How could an attacker exploit this vulnerability?</strong></p>\n<p>An unauthenticated attacker could send specially crafted packets to a Windows machine with Internet Key Exchange (IKE) version 2 enabled, which could enable remote code execution.</p>\n","ordinal":10000},{"title":"Mitigation-CVE-2026-33824","articleType":"Mitigation","description":"<p>The following <a href=\"https://technet.microsoft.com/library/security/dn848375.aspx#Mitigation\">mitigating factors</a> might be helpful in your situation:</p>\n<p>Customers who cannot immediately install the security update can take one of the following actions, depending on their environment:</p>\n<ul>\n<li>Block inbound traffic on UDP ports 500 and 4500 for systems that do not use IKE.</li>\n<li>For systems that require IKE, configure firewall rules to allow inbound traffic on UDP ports 500 and 4500 only from known peer addresses.</li>\n</ul>\n<p><em><strong>These actions reduce the attack surface but do not replace installing the security update when it becomes available.</strong></em></p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33824","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f8f79c43-a92f-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000023da91cb","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-33827","cveTitle":"Windows TCP/IP Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-33827","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33827","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows TCP/IP","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.1","temporalScore":"7.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment.</p>\n","ordinal":10000},{"title":"Windows TCP/IP Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.</p>\n","ordinal":10000},{"title":"FAQ-Exploit-IPV6","articleType":"FAQ","description":"<p><strong>How could an attacker exploit this vulnerability?</strong></p>\n<p>An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, which could enable a remote code execution exploitation on that machine.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33827","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0b4052c6-e731-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000017a9fcd1","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-33115","cveTitle":"Microsoft Word Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-33115","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33115","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Word","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.4","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>\n<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>\n","ordinal":10000},{"title":"Microsoft Office Word Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>\n<p>Yes, the Preview Pane is an attack vector.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33115","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fe245193-662d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b21da474","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-33114","cveTitle":"Microsoft Word Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p>\n","cweList":["CWE-822: Untrusted Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-822: Untrusted Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/822.html"],"unformattedDescription":"Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-33114","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33114","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Word","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.4","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-822: Untrusted Pointer Dereference","https://cwe.mitre.org/data/definitions/822.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>\n<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>\n","ordinal":10000},{"title":"Microsoft Office Word Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>\n<p>Yes, the Preview Pane is an attack vector.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33114","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ffc2fd7e-622d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b31da474","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-33104","cveTitle":"Win32k Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-33104","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33104","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Win32K - GRFX","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"title":"Windows Win32K - GRFX Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33104","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"42f5dd49-332a-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000ba64e9a1","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-33103","cveTitle":"Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-28T07:00:00-07:00","description":"<p>Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally.</p>\n","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"unformattedDescription":"Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-33103","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33103","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Dynamics 365 (on-premises)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[{"title":"Microsoft Dynamics 365 (on-premises) Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>\n<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33103","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8a310409-7129-f111-93f8-000d3afbc7d7"},{"cveNumber":"CVE-2026-33103","version":1.1,"revisionDate":"2026-04-28T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Added acknowledgements. This is an informational change only.</p>\n","unformattedDescription":"Added acknowledgements. This is an informational change only.","notificationNeeded":false,"notificationSent":false,"sourceId":"3dcd08fe-1543-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000847b9a5c","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-33101","cveTitle":"Windows Print Spooler Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-33101","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33101","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Print Spooler Components","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Print Spooler Components Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33101","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"04d785d9-5f29-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00001ff041ff","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-33100","cveTitle":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-33100","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33100","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Ancillary Function Driver for WinSock","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"title":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33100","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5a5c2eab-5f29-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00004e286c69","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-33099","cveTitle":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-33099","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33099","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Ancillary Function Driver for WinSock","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"title":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33099","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cb15b661-5f29-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00002ac1beb8","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32225","cveTitle":"Windows Shell Security Feature Bypass Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.</p>\n","cweList":["CWE-693: Protection Mechanism Failure"],"cweDetailsListForSearch":["cwe: CWE-693: Protection Mechanism Failure","cweUrl: https://cwe.mitre.org/data/definitions/693.html"],"unformattedDescription":"Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.","mitreText":"CVE-2026-32225","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32225","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Shell","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-693: Protection Mechanism Failure","https://cwe.mitre.org/data/definitions/693.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>\n<p>This vulnerability could allow an attacker to bypass SmartScreen protections that rely on the Mark of the Web (MotW) to identify files originating from the internet.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>How could an attacker exploit this vulnerability?</strong></p>\n<p>An attacker could exploit this issue by convincing a user to open a specially crafted .lnk file delivered through email, a website download, or removable media. When opened, the shortcut causes Windows to launch commands or Control Panel applets without proper MotW handling, potentially allowing arbitrary command execution or loading attacker\u2011controlled DLLs.</p>\n","ordinal":10000},{"title":"Windows Shell Security Feature Bypass Vulnerability","articleType":"100000000","description":"<p>Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>\n<p>To successfully exploit this vulnerability, an attacker must convince a user to open a malicious link or shortcut file.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32225","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7fb2c23d-3729-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00005eaa0dfe","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32203","cveTitle":".NET and Visual Studio Denial of Service Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-20T07:00:00-07:00","description":"<p>Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.</p>\n","cweList":["CWE-121: Stack-based Buffer Overflow","CWE-20: Improper Input Validation"],"cweDetailsListForSearch":["cwe: CWE-121: Stack-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/121.html","cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html"],"unformattedDescription":"Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.","mitreText":"CVE-2026-32203","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32203","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":".NET and Visual Studio","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000001,"impact":"Denial of Service","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-121: Stack-based Buffer Overflow","https://cwe.mitre.org/data/definitions/121.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]}],"articles":[{"title":".NET and Visual Studio Denial of Service Vulnerability","articleType":"100000000","description":"<p>Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32203","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2ecd1ca7-1b27-f111-93f8-000d3afbc7d7"},{"cveNumber":"CVE-2026-32203","version":1.1,"revisionDate":"2026-04-20T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Download links fixed</p>\n","unformattedDescription":"Download links fixed","notificationNeeded":false,"notificationSent":false,"sourceId":"1b8d0019-403d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000015d92b7","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26171","cveTitle":".NET Denial of Service Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-22T07:00:00-07:00","description":"<p>Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.</p>\n","cweList":["CWE-400: Uncontrolled Resource Consumption","CWE-611: Improper Restriction of XML External Entity Reference"],"cweDetailsListForSearch":["cwe: CWE-400: Uncontrolled Resource Consumption","cweUrl: https://cwe.mitre.org/data/definitions/400.html","cwe: CWE-611: Improper Restriction of XML External Entity Reference","cweUrl: https://cwe.mitre.org/data/definitions/611.html"],"unformattedDescription":"Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.","mitreText":"CVE-2026-26171","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26171","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":".NET","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000001,"impact":"Denial of Service","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-400: Uncontrolled Resource Consumption","https://cwe.mitre.org/data/definitions/400.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-611: Improper Restriction of XML External Entity Reference","https://cwe.mitre.org/data/definitions/611.html"]}],"articles":[{"title":".NET Denial of Service Vulnerability","articleType":"100000000","description":"<p>Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26171","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2935fc82-0727-f111-93f8-000d3afbc7d7"},{"cveNumber":"CVE-2026-26171","version":2,"revisionDate":"2026-04-22T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>The CVE was updated to include Powershell 7.6 and 7.5</p>\n","unformattedDescription":"The CVE was updated to include Powershell 7.6 and 7.5","notificationNeeded":false,"notificationSent":false,"sourceId":"ee832c83-cf3d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000094935c43","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32201","cveTitle":"Microsoft SharePoint Server Spoofing Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.</p>\n","cweList":["CWE-20: Improper Input Validation"],"cweDetailsListForSearch":["cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html"],"unformattedDescription":"Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-32201","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32201","publiclyDisclosed":"No","exploited":"Yes","latestSoftwareReleaseId":0,"latestSoftwareRelease":"Exploitation Detected","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"6.5","temporalScore":"6.0","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]}],"articles":[{"title":"Microsoft Office SharePoint Spoofing Vulnerability","articleType":"100000000","description":"<p>Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p>\n<p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32201","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1263291c-f423-f111-93f8-000d3afbc7d7"},{"cveNumber":"CVE-2026-32201","version":1.1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Added an acknowledgement. This is an informational change only.</p>\n","unformattedDescription":"Added an acknowledgement. This is an informational change only.","notificationNeeded":false,"notificationSent":false,"sourceId":"b6b4da55-4238-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000f91eb5a0","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32200","cveTitle":"Microsoft PowerPoint Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-32200","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32200","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office PowerPoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Microsoft Office PowerPoint Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>\n<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>How could an attacker exploit the vulnerability?</strong></p>\n<p>An attacker who successfully exploits this vulnerability could achieve remote code execution without user interaction.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>\n<p>No, the Preview Pane is not an attack vector.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32200","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b4445c54-f323-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00007420d671","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32199","cveTitle":"Microsoft Excel Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-32199","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32199","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Excel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Microsoft Office Excel Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>\n<p>An attacker must send a user a malicious Office file and convince them to open it.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>\n<p>No, the Preview Pane is not an attack vector.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>\n<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32199","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2b43c789-f223-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00000f957d14","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32198","cveTitle":"Microsoft Excel Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-32198","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32198","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Excel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Microsoft Office Excel Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>\n<p>No, the Preview Pane is not an attack vector.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>\n<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>\n<p>An attacker must send a user a malicious Office file and convince them to open it.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32198","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"675f5110-f223-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000066924b17","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32197","cveTitle":"Microsoft Excel Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-32197","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32197","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Excel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Microsoft Office Excel Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>\n<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>\n<p>An attacker must send a user a malicious Office file and convince them to open it.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>\n<p>No, the Preview Pane is not an attack vector.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32197","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d727b981-f123-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00000107f3b9","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32196","cveTitle":"Windows Admin Center Spoofing Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.</p>\n","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-32196","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32196","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Admin Center","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"6.1","temporalScore":"5.3","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]}],"articles":[{"title":"Windows Admin Center Spoofing Vulnerability","articleType":"100000000","description":"<p>Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p>\n<p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>\n<p>This vulnerability could lead to the attacker gaining the ability to interact with other tenant\u2019s applications and content.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>\n<p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32196","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"06f42f4f-ed23-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000037f041ff","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32190","cveTitle":"Microsoft Office Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-32190","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32190","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.4","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Microsoft Office Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>\n<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>\n<p>Yes, the Preview Pane is an attack vector.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32190","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"adf3d792-9e23-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00000707f3b9","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32176","cveTitle":"SQL Server Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"cweDetailsListForSearch":["cwe: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","cweUrl: https://cwe.mitre.org/data/definitions/89.html"],"unformattedDescription":"Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32176","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32176","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"SQL Server","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"6.7","temporalScore":"5.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","https://cwe.mitre.org/data/definitions/89.html"]}],"articles":[{"title":"SQL Server Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SQL sysadmin privileges.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p>\n<p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p>\n<p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p>\n<ul>\n<li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href=\"https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates\">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li>\n<li>Second, in the following table, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li>\n</ul>\n<p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product to apply this and future security updates.</p>\n<table>\n<thead>\n<tr>\n<th>Update Number</th>\n<th>Title</th>\n<th>Version</th>\n<th>Apply if current product version is\u2026</th>\n<th>This security update also includes servicing releases up through\u2026</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><strong>5083245</strong></td>\n<td>Security update for SQL Server 2025 CU3+GDR</td>\n<td>17.0.4030.1</td>\n<td>17.0.4006.2 - 17.0.4025.3</td>\n<td>KB5077896 -\u00a0Previous SQL2025 RTM CU3</td>\n</tr>\n<tr>\n<td><strong>5084814</strong></td>\n<td>Security update for SQL Server 2025 RTM+GDR</td>\n<td>17.0.1110.1</td>\n<td>17.0.1000.7 - 17.0.1105.2</td>\n<td>KB5077468 - Previous SQL2025 RTM GDR</td>\n</tr>\n<tr>\n<td><strong>5083252</strong></td>\n<td>Security update for SQL Server 2022 CU24+GDR</td>\n<td>16.0.4250.1</td>\n<td>16.0.4003.1 -\u00a016.0.4245.2</td>\n<td>KB5080999 - Previous SQL2022 RTM CU24</td>\n</tr>\n<tr>\n<td><strong>5084815</strong></td>\n<td>Security update for SQL Server 2022 RTM+GDR</td>\n<td>16.0.1175.1</td>\n<td>16.0.1000.6 -\u00a016.0.1170.5</td>\n<td>KB5077465 - Previous SQL2022 RTM GDR</td>\n</tr>\n<tr>\n<td><strong>5084816</strong></td>\n<td>Security update for SQL Server 2019 CU32+GDR</td>\n<td>15.0.4465.1</td>\n<td>15.0.4003.23 - 15.0.4460.4</td>\n<td>KB 5077469 - Previous SQL2019 RTM CU32 GDR</td>\n</tr>\n<tr>\n<td><strong>5084817</strong></td>\n<td>Security update for SQL Server 2019 RTM+GDR</td>\n<td>15.0.2165.1</td>\n<td>15.0.2000.5 -\u00a015.0.2160.4</td>\n<td>KB 5077470 - Previous SQL2019 RTM GDR</td>\n</tr>\n<tr>\n<td><strong>5084818</strong></td>\n<td>Security update for SQL Server 2017 CU31+GDR</td>\n<td>14.0.3525.1</td>\n<td>14.0.3006.16 - 14.0.3520.4</td>\n<td>KB 5077471 - Previous SQL2017 RTM CU31 GDR</td>\n</tr>\n<tr>\n<td><strong>5084819</strong></td>\n<td>Security update for SQL Server 2017 RTM+GDR</td>\n<td>14.0.2105.1</td>\n<td>14.0.1000.169 - 14.0.2100.4</td>\n<td>KB 5077472 - Previous SQL2017 RTM GDR</td>\n</tr>\n<tr>\n<td><strong>5084820</strong></td>\n<td>Security update for SQL Server 2016 Azure Connect Feature Pack+GDR</td>\n<td>13.0.7080.1</td>\n<td>13.0.7000.253 - 13.0.7075.5</td>\n<td>KB 5077473 - Previous SQL2016 Azure Connect Feature Pack\u00a0GDR</td>\n</tr>\n<tr>\n<td><strong>5084821</strong></td>\n<td>Security update for SQL Server 2016 SP3+GDR</td>\n<td>13.0.6485.1</td>\n<td>13.0.6300.2 - 13.0.6480.4</td>\n<td>KB 5077474 - Previous SQL2016 RTM GDR</td>\n</tr>\n</tbody>\n</table>\n<p><strong>What are the GDR and CU update designations and how do they differ?</strong></p>\n<p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p>\n<ul>\n<li>GDR updates \u2013 cumulatively only contain security updates for the given baseline.</li>\n<li>CU updates \u2013 cumulatively contain all functional fixes and security updates for the given baseline.</li>\n</ul>\n<p>For any given baseline, either the GDR or CU updates could be options (see below).</p>\n<ul>\n<li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li>\n<li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li>\n<li>If SQL Server installation has intentionally installed previous CU updates, then choose to install the CU security update package.</li>\n</ul>\n<p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p>\n<p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p>\n<p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32176","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ef55c5ee-2922-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a27b9a5c","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32171","cveTitle":"Azure Logic Apps Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.</p>\n","cweList":["CWE-522: Insufficiently Protected Credentials"],"cweDetailsListForSearch":["cwe: CWE-522: Insufficiently Protected Credentials","cweUrl: https://cwe.mitre.org/data/definitions/522.html"],"unformattedDescription":"Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.","mitreText":"CVE-2026-32171","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32171","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Azure Logic Apps","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-522: Insufficiently Protected Credentials","https://cwe.mitre.org/data/definitions/522.html"]}],"articles":[{"title":"Azure Logic Apps Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>How could an attacker exploit the vulnerability?</strong></p>\n<p>An attacker could create a forged authentication token and use it to access administrative function APIs. This may allow them to retrieve keys, access the file system, and deploy unauthorized code within the Logic Apps environment.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>How do customers mitigate this vulnerability?</strong></p>\n<p>Customers are protected through service-side (control plane) updates, which are automatically applied\u2014there is no download, build number, or manual update required to receive the fix.</p>\n<p>The only exception is for existing Logic Apps that were created when WEBSITE_AUTH_ENCRYPTION_KEY was configured as an environment variable. For those existing apps, customers must make a small update (edit any environment variable) to trigger the change and fully mitigate the issue.</p>\n<p>New or updated Logic Apps already use a secret reference for the auth key and are automatically mitigated without any customer action.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32171","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"847823a8-5a21-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d01da474","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32164","cveTitle":"Windows User Interface Core Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32164","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32164","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows User Interface Core","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"title":"Windows User Interface Core Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>\n<p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation\">AppContainer Isolation</a> for more information.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained (&quot;sandboxed&quot;) execution environment to a Medium Integrity Level. Please refer to <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation\">AppContainer isolation</a> and <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control\">Mandatory Integrity Control</a> for more information.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32164","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6ac47cf0-511e-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d764e9a1","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32163","cveTitle":"Windows User Interface Core Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32163","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32163","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows User Interface Core","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows User Interface Core Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained (&quot;sandboxed&quot;) execution environment to a Medium Integrity Level. Please refer to <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation\">AppContainer isolation</a> and <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control\">Mandatory Integrity Control</a> for more information.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>\n<p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation\">AppContainer Isolation</a> for more information.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32163","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"290b97c1-511e-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000072d99044","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32162","cveTitle":"Windows COM Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data"],"cweDetailsListForSearch":["cwe: CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data","cweUrl: https://cwe.mitre.org/data/definitions/349.html"],"unformattedDescription":"Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32162","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32162","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows COM","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"8.4","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data","https://cwe.mitre.org/data/definitions/349.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"title":"Windows COM Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32162","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"37b10b35-491e-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000034a9fcd1","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32155","cveTitle":"Desktop Window Manager Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32155","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32155","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Desktop Window Manager","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability, even as a standard user.</p>\n","ordinal":10000},{"title":"Desktop Window Manager Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"title":"Windows DWM Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32155","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"aff8e898-021d-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d664e9a1","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32153","cveTitle":"Windows Speech Runtime Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free","CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html","cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32153","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32153","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Windows Speech","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"title":"Microsoft Windows Speech Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"title":"Microsoft Windows Speech Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32153","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5bf71d49-021d-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a07b9a5c","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32151","cveTitle":"Windows Shell Information Disclosure Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network.</p>\n","cweList":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"],"cweDetailsListForSearch":["cwe: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweUrl: https://cwe.mitre.org/data/definitions/200.html"],"unformattedDescription":"Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network.","mitreText":"CVE-2026-32151","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32151","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Shell","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"6.5","temporalScore":"5.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","https://cwe.mitre.org/data/definitions/200.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>\n<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the local memory address.</p>\n","ordinal":10000},{"title":"Windows Shell Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32151","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7abe4798-ec1c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00003bf041ff","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32150","cveTitle":"Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32150","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32150","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Function Discovery Service (fdwsd.dll)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"title":"Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32150","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e5f0bd52-ec1c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00007720d671","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32149","cveTitle":"Windows Hyper-V Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.</p>\n","cweList":["CWE-20: Improper Input Validation","CWE-191: Integer Underflow (Wrap or Wraparound)","CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html","cwe: CWE-191: Integer Underflow (Wrap or Wraparound)","cweUrl: https://cwe.mitre.org/data/definitions/191.html","cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.","mitreText":"CVE-2026-32149","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32149","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Role: Windows Hyper-V","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.3","temporalScore":"6.4","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-191: Integer Underflow (Wrap or Wraparound)","https://cwe.mitre.org/data/definitions/191.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Windows Hyper-V Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>\n<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.\nThe vulnerable endpoint is only available over the local VM interface as all external communication is blocked. This means an attacker needs to execute code from the local machine to exploit the vulnerability.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p>\n<p>An authorized attacker with privileges could send controlled inputs to exploit this vulnerability.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32149","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"533270a9-eb1c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000097833054","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32091","cveTitle":"Microsoft Brokering File System Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32091","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32091","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Brokering File System","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"8.4","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Microsoft Brokering File System Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain the privileges of the logged-on user.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32091","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"692687cd-e91c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d3b3c4c6","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32088","cveTitle":"Windows Biometric Service Security Feature Bypass Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical attack.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical attack.","mitreText":"CVE-2026-32088","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32088","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Biometric Service","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"6.1","temporalScore":"5.3","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"title":"Windows Biometric Service Security Feature Bypass Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical attack.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>\n<p>This vulnerability could allow an attacker to bypass the Windows biometric authentication feature. A malicious biometric device could be incorrectly recognized as trusted, allowing an attacker to falsely present biometric data and potentially gain access to the device without the legitimate user's fingerprint or face.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32088","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e496c0f1-e81c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000c5253a6c","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32086","cveTitle":"Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32086","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32086","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Function Discovery Service (fdwsd.dll)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000},{"title":"Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32086","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d22d427f-e81c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00008f3ceb26","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32084","cveTitle":"Windows Print Spooler Information Disclosure Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.</p>\n","cweList":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"],"cweDetailsListForSearch":["cwe: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweUrl: https://cwe.mitre.org/data/definitions/200.html"],"unformattedDescription":"Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-32084","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32084","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows File Explorer","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","https://cwe.mitre.org/data/definitions/200.html"]}],"articles":[{"title":"Windows File Explorer Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>\n<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is an address from an object operating at a High Integrity Level in a contained (&quot;sandboxed&quot;) execution environment.</p>\n<p>Please refer to <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation\">AppContainer isolation</a> and <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control\">Mandatory Integrity Control</a>  for more information.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32084","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7e94642d-e81c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000fb0e89b1","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32080","cveTitle":"Windows WalletService Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32080","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32080","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows WalletService","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"title":"Windows WalletService Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32080","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"57285eaf-e71c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000075286c69","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32079","cveTitle":"Web Account Manager Information Disclosure Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.</p>\n","cweList":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"],"cweDetailsListForSearch":["cwe: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweUrl: https://cwe.mitre.org/data/definitions/200.html"],"unformattedDescription":"Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-32079","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32079","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows File Explorer","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","https://cwe.mitre.org/data/definitions/200.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>\n<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is an address from an object operating at a High Integrity Level in a contained (&quot;sandboxed&quot;) execution environment.</p>\n<p>Please refer to <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation\">AppContainer isolation</a> and <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control\">Mandatory Integrity Control</a>  for more information.</p>\n","ordinal":10000},{"title":"Windows File Explorer Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32079","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4d42f057-e71c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000dab3c4c6","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32078","cveTitle":"Windows Projected File System Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32078","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32078","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Projected File System","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"title":"Windows Projected File System Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32078","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d6a30228-e71c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000679ae10e","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32077","cveTitle":"Windows UPnP Device Host Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-20T07:00:00-07:00","description":"<p>Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-822: Untrusted Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-822: Untrusted Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/822.html"],"unformattedDescription":"Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32077","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32077","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Universal Plug and Play (UPnP) Device Host","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-822: Untrusted Pointer Dereference","https://cwe.mitre.org/data/definitions/822.html"]}],"articles":[{"title":"Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32077","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"53ff84e3-e61c-f111-93f8-000d3afbc7d7"},{"cveNumber":"CVE-2026-32077","version":1.1,"revisionDate":"2026-04-20T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Added Security Only packages to Windows Server 2012 security updates. This is an informational change only.</p>\n","unformattedDescription":"Added Security Only packages to Windows Server 2012 security updates. This is an informational change only.","notificationNeeded":false,"notificationSent":false,"sourceId":"933b4e1f-f23c-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000cc253a6c","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32076","cveTitle":"Windows Storage Spaces Controller Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"unformattedDescription":"Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32076","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32076","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Storage Spaces Controller","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"title":"Windows Storage Spaces Controller Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32076","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8cadccca-e61c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000963ceb26","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32074","cveTitle":"Windows Projected File System Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-415: Double Free"],"cweDetailsListForSearch":["cwe: CWE-415: Double Free","cweUrl: https://cwe.mitre.org/data/definitions/415.html"],"unformattedDescription":"Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32074","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32074","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Projected File System","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-415: Double Free","https://cwe.mitre.org/data/definitions/415.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"title":"Windows Projected File System Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32074","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"efd03a7b-e61c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000038f8d7f6","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32072","cveTitle":"Active Directory Spoofing Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally.</p>\n","cweList":["CWE-287: Improper Authentication"],"cweDetailsListForSearch":["cwe: CWE-287: Improper Authentication","cweUrl: https://cwe.mitre.org/data/definitions/287.html"],"unformattedDescription":"Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally.","mitreText":"CVE-2026-32072","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32072","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Active Directory","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"6.2","temporalScore":"5.4","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-287: Improper Authentication","https://cwe.mitre.org/data/definitions/287.html"]}],"articles":[{"title":"Windows Active Directory Spoofing Vulnerability","articleType":"100000000","description":"<p>Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32072","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f2e3472e-e61c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000020f89b1","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32070","cveTitle":"Windows Common Log File System Driver Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32070","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32070","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Common Log File System Driver","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Common Log File System Driver Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"title":"Windows Common Log File System Driver Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32070","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"280df0f7-e01c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000074286c69","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32069","cveTitle":"Windows Projected File System Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-415: Double Free"],"cweDetailsListForSearch":["cwe: CWE-415: Double Free","cweUrl: https://cwe.mitre.org/data/definitions/415.html"],"unformattedDescription":"Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32069","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32069","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Projected File System","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-415: Double Free","https://cwe.mitre.org/data/definitions/415.html"]}],"articles":[{"title":"Windows Projected File System Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32069","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5ad9eee0-e01c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d9b3c4c6","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32068","cveTitle":"Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32068","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32068","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows SSDP Service","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"title":"Windows SSDP Service Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32068","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6f071222-e01c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000019289bd1","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-27930","cveTitle":"Windows GDI Information Disclosure Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.</p>\n","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"unformattedDescription":"Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.","mitreText":"CVE-2026-27930","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27930","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows GDI","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"title":"Windows GDI Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p>\n<p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>\n<p>This vulnerability may allow an attacker to access small portions of memory from the affected application when it processes a specially crafted Enhanced Metafile (EMF). This issue is an out\u2011of\u2011bounds read, any disclosure would be limited to whatever data happens to reside in adjacent memory at the time.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>\n<p>The user would have to open or preview content that contains the malicious Enhanced Metafile (EMF).</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-27930","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"604a6dd4-df1c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000042835fbc","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-27928","cveTitle":"Windows Hello Security Feature Bypass Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.</p>\n","cweList":["CWE-20: Improper Input Validation"],"cweDetailsListForSearch":["cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html"],"unformattedDescription":"Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.","mitreText":"CVE-2026-27928","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27928","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Hello","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"8.7","temporalScore":"7.6","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>\n<p>This vulnerability could lead to the attacker gaining the ability to interact with other tenant\u2019s applications and content.</p>\n","ordinal":10000},{"title":"Windows Hello Security Feature Bypass Vulnerability","articleType":"100000000","description":"<p>Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could bypass the MFA required for Windows Hello for Business PIN provisioning.</p>\n<p><strong>Where can I find more information about Windows Hello for Business PIN provisioning?</strong></p>\n<p>Please see <a href=\"https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/how-it-works-provisioning\">Windows Hello for Business PIN provisioning</a> for updated details.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-27928","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"aeffd583-df1c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000049caa4e9","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-27925","cveTitle":"Windows UPnP Device Host Information Disclosure Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to disclose information over an adjacent network.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to disclose information over an adjacent network.","mitreText":"CVE-2026-27925","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27925","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Universal Plug and Play (UPnP) Device Host","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"6.5","temporalScore":"5.7","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Universal Plug and Play (UPnP) Device Host Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to disclose information over an adjacent network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>\n<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-27925","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0f347ee1-de1c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000eb8591b9","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-27923","cveTitle":"Desktop Window Manager Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-27923","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27923","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Desktop Window Manager","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Desktop Window Manager Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-27923","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"33db01d1-dd1c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00005011ea16","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-27922","cveTitle":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-27922","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27922","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Ancillary Function Driver for WinSock","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-27922","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f12f9a50-dd1c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00001a289bd1","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-27920","cveTitle":"Windows UPnP Device Host Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-822: Untrusted Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-822: Untrusted Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/822.html"],"unformattedDescription":"Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-27920","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27920","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Universal Plug and Play (UPnP) Device Host","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-822: Untrusted Pointer Dereference","https://cwe.mitre.org/data/definitions/822.html"]}],"articles":[{"title":"Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-27920","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6ebb1593-dc1c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000e13e4c8c","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-27916","cveTitle":"Windows UPnP Device Host Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-27916","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27916","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Universal Plug and Play (UPnP) Device Host","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploits this vulnerability could gain access to a limited set of administrator-protected objects.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-27916","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"de9b819b-db1c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000ab55fd46","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-27914","cveTitle":"Microsoft Management Console Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"unformattedDescription":"Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-27914","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27914","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Management Console","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[{"title":"Microsoft Management Console Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-27914","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3b68b22f-db1c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000e88591b9","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-27913","cveTitle":"Windows BitLocker Security Feature Bypass Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally.</p>\n","cweList":["CWE-20: Improper Input Validation"],"cweDetailsListForSearch":["cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html"],"unformattedDescription":"Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally.","mitreText":"CVE-2026-27913","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27913","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows BitLocker","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"7.7","temporalScore":"6.7","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]}],"articles":[{"title":"Windows BitLocker Security Feature Bypass Vulnerability","articleType":"100000000","description":"<p>Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally.</p>\n","ordinal":10000},{"title":"Windows Secure Boot Security Feature Bypass Vulnerability","articleType":"100000000","description":"<p>Improper input validation in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-27913","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9c8c45d9-da1c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00004d11ea16","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-27912","cveTitle":"Windows Kerberos Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network.</p>\n","cweList":["CWE-285: Improper Authorization"],"cweDetailsListForSearch":["cwe: CWE-285: Improper Authorization","cweUrl: https://cwe.mitre.org/data/definitions/285.html"],"unformattedDescription":"Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network.","mitreText":"CVE-2026-27912","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27912","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Kerberos","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"8.0","temporalScore":"7.0","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-285: Improper Authorization","https://cwe.mitre.org/data/definitions/285.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires that an attacker needs to be in the same restricted Active Directory domain as the target system. The attack surface is not reachable from broader networks, which is why the attack vector is considered adjacent (AV:A).</p>\n","ordinal":10000},{"title":"Windows Kerberos Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-27912","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0a0d10d8-d81c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b29c4274","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-27911","cveTitle":"Windows User Interface Core Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-27911","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27911","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows User Interface Core","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>\n<p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation\">AppContainer Isolation</a> for more information.</p>\n","ordinal":10000},{"title":"Windows User Interface Core Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained (&quot;sandboxed&quot;) execution environment to a Medium Integrity Level. Please refer to <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation\">AppContainer isolation</a> and <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control\">Mandatory Integrity Control</a> for more information.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-27911","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f2afba31-d81c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000017289bd1","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-27910","cveTitle":"Windows Installer Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-280: Improper Handling of Insufficient Permissions or Privileges"],"cweDetailsListForSearch":["cwe: CWE-280: Improper Handling of Insufficient Permissions or Privileges","cweUrl: https://cwe.mitre.org/data/definitions/280.html"],"unformattedDescription":"Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-27910","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27910","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Installer","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-280: Improper Handling of Insufficient Permissions or Privileges","https://cwe.mitre.org/data/definitions/280.html"]}],"articles":[{"title":"Windows Installer Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-27910","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"95bd735e-d71c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000dbf7065f","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-27909","cveTitle":"Windows Search Service Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-27909","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27909","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Windows Search Component","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Microsoft Windows Search Component Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-27909","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fa89cff4-d61c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000eb154d8a","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26184","cveTitle":"Windows Projected File System Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-126: Buffer Over-read"],"cweDetailsListForSearch":["cwe: CWE-126: Buffer Over-read","cweUrl: https://cwe.mitre.org/data/definitions/126.html"],"unformattedDescription":"Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-26184","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26184","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Projected File System","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-126: Buffer Over-read","https://cwe.mitre.org/data/definitions/126.html"]}],"articles":[{"title":"Windows Projected File System Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26184","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c44061c0-d41c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00008dd1395a","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26182","cveTitle":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-26182","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26182","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Ancillary Function Driver for WinSock","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26182","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2d678169-d31c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00003e8d262a","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26178","cveTitle":"Windows Advanced Rasterization Platform Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-681: Incorrect Conversion between Numeric Types","CWE-190: Integer Overflow or Wraparound"],"cweDetailsListForSearch":["cwe: CWE-681: Incorrect Conversion between Numeric Types","cweUrl: https://cwe.mitre.org/data/definitions/681.html","cwe: CWE-190: Integer Overflow or Wraparound","cweUrl: https://cwe.mitre.org/data/definitions/190.html"],"unformattedDescription":"Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally.","mitreText":"CVE-2026-26178","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26178","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Advanced Rasterization Platform","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-681: Incorrect Conversion between Numeric Types","https://cwe.mitre.org/data/definitions/681.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-190: Integer Overflow or Wraparound","https://cwe.mitre.org/data/definitions/190.html"]}],"articles":[{"title":"Windows Advanced Rasterization Platform Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>How could an attacker exploit this vulnerability?</strong></p>\n<p>An attacker could create malicious WebGL content that triggers an unsafe buffer copy inside D3D10Warp.dll(Direct3D 10 WARP (Windows Advanced Rasterization Platform)).</p>\n<p>When a user\u2019s browser processes this content, the attacker\u2011controlled parameters can cause a buffer overflow in the Windows graphics component, potentially enabling elevated privileges on the system.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>\n<p>A user would need to visit a website or open content that uses WebGL features such as gl.texStorage3D or gl.texSubImage3D inside a Chromium\u2011based browser. No additional actions beyond loading this content are required.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26178","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f90c2c29-d21c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000cb734372","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26177","cveTitle":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-26177","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26177","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Ancillary Function Driver for WinSock","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26177","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e747a2fd-d11c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000030ff9bcf","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26176","cveTitle":"Windows Client Side Caching driver (csc.sys) Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Heap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-26176","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26176","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Client Side Caching driver (csc.sys)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Windows Client Side Caching driver (csc.sys) Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Heap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26176","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"81beccdd-d11c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00003746e1fc","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26173","cveTitle":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","CWE-416: Use After Free","CWE-476: NULL Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html","cwe: CWE-476: NULL Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/476.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-26173","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26173","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Ancillary Function Driver for WinSock","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-476: NULL Pointer Dereference","https://cwe.mitre.org/data/definitions/476.html"]}],"articles":[{"title":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26173","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5c526e76-d11c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00009cd1395a","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26172","cveTitle":"Windows Push Notifications Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-26172","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26172","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Push Notifications","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Microsoft Defender for Endpoint Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"title":"Microsoft Defender for Endpoint Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>\n<p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation\">AppContainer Isolation</a> for more information.</p>\n","ordinal":10000},{"title":"Windows Push Notifications Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26172","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d7818815-d11c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000066e8ea14","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26170","cveTitle":"PowerShell Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-20: Improper Input Validation"],"cweDetailsListForSearch":["cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html"],"unformattedDescription":"Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-26170","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26170","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft PowerShell","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]}],"articles":[{"title":"Microsoft PowerShell Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26170","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fdec9542-d01c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d801cecc","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26169","cveTitle":"Windows Kernel Memory Information Disclosure Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally.</p>\n","cweList":["CWE-126: Buffer Over-read"],"cweDetailsListForSearch":["cwe: CWE-126: Buffer Over-read","cweUrl: https://cwe.mitre.org/data/definitions/126.html"],"unformattedDescription":"Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-26169","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26169","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Kernel Memory","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"6.1","temporalScore":"5.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-126: Buffer Over-read","https://cwe.mitre.org/data/definitions/126.html"]}],"articles":[{"title":"Windows Kernel Memory Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally.</p>\n","ordinal":10000},{"title":"Kernel Memory Information Disclosure","articleType":"FAQ","description":"<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>\n<p>Exploiting this vulnerability could allow the disclosure of certain kernel memory content.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and some loss of integrity (I:L), but no loss of availability (A:N). What does that mean for this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could view sensitive information, (Confidentiality), and make some changes to disclosed information (Integrity), but they would not be able to affect Availability.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26169","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"08d95517-d01c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00003d8d262a","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26168","cveTitle":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-21T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-26168","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26168","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Ancillary Function Driver for WinSock","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>\n<p>In this case, a successful attack could be performed from a low privilege <a href=\"https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation\">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26168","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d7b2b3b9-cf1c-f111-93f8-000d3afbc7d7"},{"cveNumber":"CVE-2026-26168","version":1.1,"revisionDate":"2026-04-21T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Acknowledgement added. This is an informational change only.</p>\n","unformattedDescription":"Acknowledgement added. This is an informational change only.","notificationNeeded":false,"notificationSent":false,"sourceId":"2b63d759-a23d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00003646e1fc","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26163","cveTitle":"Windows Kernel Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-415: Double Free"],"cweDetailsListForSearch":["cwe: CWE-415: Double Free","cweUrl: https://cwe.mitre.org/data/definitions/415.html"],"unformattedDescription":"Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-26163","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26163","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Kernel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-415: Double Free","https://cwe.mitre.org/data/definitions/415.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000},{"title":"Windows Kernel Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26163","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fefe39cc-cd1c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d701cecc","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26159","cveTitle":"Remote Desktop Licensing Service Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-306: Missing Authentication for Critical Function"],"cweDetailsListForSearch":["cwe: CWE-306: Missing Authentication for Critical Function","cweUrl: https://cwe.mitre.org/data/definitions/306.html"],"unformattedDescription":"Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-26159","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26159","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Remote Desktop Licensing Service","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-306: Missing Authentication for Critical Function","https://cwe.mitre.org/data/definitions/306.html"]}],"articles":[{"title":"Windows Remote Desktop Licensing Service Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26159","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"73400238-cc1c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00002eff9bcf","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26156","cveTitle":"Windows Hyper-V Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally.</p>\n","cweList":["CWE-122: Heap-based Buffer Overflow","CWE-125: Out-of-bounds Read","CWE-20: Improper Input Validation"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html","cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html","cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html"],"unformattedDescription":"Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-26156","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26156","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Role: Windows Hyper-V","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]}],"articles":[{"title":"Windows Hyper-V Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>\n<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>\n<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26156","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0533f2e6-cb1c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00003546e1fc","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26153","cveTitle":"Windows Encrypted File System (EFS) Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"unformattedDescription":"Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-26153","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26153","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Encrypting File System (EFS)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"title":"Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26153","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"02d13c23-ca1c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00009ad1395a","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26152","cveTitle":"Microsoft Cryptographic Services Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-922: Insecure Storage of Sensitive Information"],"cweDetailsListForSearch":["cwe: CWE-922: Insecure Storage of Sensitive Information","cweUrl: https://cwe.mitre.org/data/definitions/922.html"],"unformattedDescription":"Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-26152","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26152","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Cryptographic Services","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-922: Insecure Storage of Sensitive Information","https://cwe.mitre.org/data/definitions/922.html"]}],"articles":[{"title":"Windows Cryptographic Services Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26152","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0d288bd5-b928-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00003446e1fc","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26143","cveTitle":"Microsoft PowerShell Security Feature Bypass Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.</p>\n","cweList":["CWE-20: Improper Input Validation"],"cweDetailsListForSearch":["cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html"],"unformattedDescription":"Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.","mitreText":"CVE-2026-26143","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26143","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft PowerShell","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]}],"articles":[{"title":"Microsoft PowerShell Security Feature Bypass Vulnerability","articleType":"100000000","description":"<p>Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>\n<p>An attacker would have to send the victim a malicious file that the victim would have to execute.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>\n<p>Exploiting this vulnerability bypasses dynamic-expression security checks which may lead to arbitrary code execution when then -SkipLimitCheck is used with Import-PowerShellDataFile. If you do not use the -SkipLimitCheck switch, you are not affected.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Is the Windows native version of PowerShell affected by this vulnerability?</strong></p>\n<p>No, this vulnerability was introduced after PowerShell was forked from Windows powerShell so the inbox version is not affected.</p>\n<p>The current store app addresses the vulnerability.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26143","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9b990c4d-2517-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000bdf0800c","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-23666","cveTitle":".NET Framework Denial of Service Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-15T07:00:00-07:00","description":"<p>Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network.</p>\n","cweList":["CWE-755: Improper Handling of Exceptional Conditions"],"cweDetailsListForSearch":["cwe: CWE-755: Improper Handling of Exceptional Conditions","cweUrl: https://cwe.mitre.org/data/definitions/755.html"],"unformattedDescription":"Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network.","mitreText":"CVE-2026-23666","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-23666","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":".NET Framework","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000001,"impact":"Denial of Service","langCode":"en-US","baseScore":"7.5","temporalScore":"6.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-755: Improper Handling of Exceptional Conditions","https://cwe.mitre.org/data/definitions/755.html"]}],"articles":[{"title":".NET Framework Denial of Service Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-23666","version":1.1,"revisionDate":"2026-04-15T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Executive Summary updated</p>\n","unformattedDescription":"Executive Summary updated","notificationNeeded":false,"notificationSent":false,"sourceId":"034fd27a-0c39-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23666","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6ab8034c-6708-f111-93f7-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00001f7cd969","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-23657","cveTitle":"Microsoft Word Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-23657","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-23657","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Word","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Microsoft Office Word Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>\n<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>\n<p>No, the Preview Pane is not an attack vector.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>\n<p>An attacker must send a user a malicious Office file and convince them to open it.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-23657","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"267cc2de-e505-f111-93f7-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000826ebf2d","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-20806","cveTitle":"Windows COM Server Information Disclosure Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally.</p>\n","cweList":["CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')"],"cweDetailsListForSearch":["cwe: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')","cweUrl: https://cwe.mitre.org/data/definitions/843.html"],"unformattedDescription":"Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-20806","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-20806","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows COM","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')","https://cwe.mitre.org/data/definitions/843.html"]}],"articles":[{"title":"Windows COM Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>\n<p>An attacker who successfully exploited the vulnerability could potentially read User Mode Service Memory.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-20806","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bbf81bd6-b1d0-f011-9395-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000023845fbc","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-20928","cveTitle":"Windows Recovery Environment Security Feature Bypass Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack.</p>\n","cweList":["CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer"],"cweDetailsListForSearch":["cwe: CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer","cweUrl: https://cwe.mitre.org/data/definitions/212.html"],"unformattedDescription":"Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack.","mitreText":"CVE-2026-20928","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-20928","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Recovery Environment Agent","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"4.6","temporalScore":"4.0","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer","https://cwe.mitre.org/data/definitions/212.html"]}],"articles":[{"title":"Windows Recovery Environment Agent Security Feature Bypass Vulnerability","articleType":"100000000","description":"<p>Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>\n<p>A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-20928","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"db287cf1-e3d5-f011-93f4-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000637cd969","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-21637","cveTitle":"HackerOne: CVE-2026-21637 TLS PSK/ALPN Callback Exceptions Bypass Error Handlers","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-21637\">CVE-2026-21637</a> is regarding a vulnerability in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. HackerOne created this CVE on their behalf. The documented Visual Studio updates incorporate updates in Node.js which address this vulnerability.</p>\n<p>Please see <a href=\"https://www.cve.org/CVERecord?id=CVE-2026-21637\">CVE-2026-21637</a> for more information.</p>\n","cweList":["CWE-400: Uncontrolled Resource Consumption"],"cweDetailsListForSearch":["cwe: CWE-400: Uncontrolled Resource Consumption","cweUrl: https://cwe.mitre.org/data/definitions/400.html"],"unformattedDescription":"[CVE-2026-21637](https://www.cve.org/CVERecord?id=CVE-2026-21637) is regarding a vulnerability in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. HackerOne created this CVE on their behalf. The documented Visual Studio updates incorporate updates in Node.js which address this vulnerability.\n\nPlease see [CVE-2026-21637](https://www.cve.org/CVERecord?id=CVE-2026-21637) for more information.","mitreText":"CVE-2026-21637","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-21637","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":4,"latestSoftwareRelease":"N/A","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Node.js","issuingCna":"HackerOne","issuingCnaId":100000002,"severityId":100000002,"severity":"Moderate","impactId":100000001,"impact":"Denial of Service","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"NVD","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-400: Uncontrolled Resource Consumption","https://cwe.mitre.org/data/definitions/400.html"]}],"articles":[{"title":"Node.js Denial of Service Vulnerability","articleType":"100000000","description":"<p>Uncontrolled resource consumption in Node.js allows an unauthorized attacker to deny service over a network.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-21637","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"de538647-7237-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000ab730465","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32631","cveTitle":"GitHub: CVE-2026-32631 'git clone' from manipulated repositories can leak NTLM hashes","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-32631\">CVE-2026-32631</a> is regarding a vulnerability where it is possible to obtain a user's NTLM hash by tricking them into cloning a malicious repository, or checking out a malicious branch that accesses an attacker-controlled server. By default, NTLM authentication does not need any user interaction. GitHub created this CVE on their behalf. The documented Visual Studio updates incorporate updates in Git which address this vulnerability.</p>\n<p>Please see <a href=\"https://www.cve.org/CVERecord?id=CVE-2026-32631\">CVE-2026-32631</a> for more information.</p>\n","cweList":["CWE-359: Exposure of Private Personal Information to an Unauthorized Actor"],"cweDetailsListForSearch":["cwe: CWE-359: Exposure of Private Personal Information to an Unauthorized Actor","cweUrl: https://cwe.mitre.org/data/definitions/359.html"],"unformattedDescription":"[CVE-2026-32631](https://www.cve.org/CVERecord?id=CVE-2026-32631) is regarding a vulnerability where it is possible to obtain a user's NTLM hash by tricking them into cloning a malicious repository, or checking out a malicious branch that accesses an attacker-controlled server. By default, NTLM authentication does not need any user interaction. GitHub created this CVE on their behalf. The documented Visual Studio updates incorporate updates in Git which address this vulnerability.\n\nPlease see [CVE-2026-32631](https://www.cve.org/CVERecord?id=CVE-2026-32631) for more information.","mitreText":"CVE-2026-32631","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32631","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"GitHub Repo: Git for Windows","issuingCna":"GitHub","issuingCnaId":100000002,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"7.4","temporalScore":"6.4","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"GitHub","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-359: Exposure of Private Personal Information to an Unauthorized Actor","https://cwe.mitre.org/data/definitions/359.html"]}],"articles":[{"title":"GitHub Repo: Git for Windows Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Exposure of private personal information to an unauthorized actor in GitHub Repo: Git for Windows allows an unauthorized attacker to disclose information over a network.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32631","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6e912021-7137-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000c435665b","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32212","cveTitle":"Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.</p>\n","cweList":["CWE-59: Improper Link Resolution Before File Access ('Link Following')","CWE-269: Improper Privilege Management"],"cweDetailsListForSearch":["cwe: CWE-59: Improper Link Resolution Before File Access ('Link Following')","cweUrl: https://cwe.mitre.org/data/definitions/59.html","cwe: CWE-269: Improper Privilege Management","cweUrl: https://cwe.mitre.org/data/definitions/269.html"],"unformattedDescription":"Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-32212","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32212","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Universal Plug and Play (upnp.dll)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-59: Improper Link Resolution Before File Access ('Link Following')","https://cwe.mitre.org/data/definitions/59.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-269: Improper Privilege Management","https://cwe.mitre.org/data/definitions/269.html"]}],"articles":[{"title":"Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>\n<p>This vulnerability could allow a local, non\u2011administrator attacker to read any files that are accessible to the UPnP Device Host Service, which runs under the LOCAL SERVICE account. This may include restricted system files or configuration data that the attacker would not normally be able to access. The specific information exposed depends on the files that the service is permitted to read.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32212","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"83f57f83-8828-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00008865ea28","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-33826","cveTitle":"Windows Active Directory Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.</p>\n","cweList":["CWE-20: Improper Input Validation"],"cweDetailsListForSearch":["cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html"],"unformattedDescription":"Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.","mitreText":"CVE-2026-33826","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33826","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Active Directory","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.0","temporalScore":"7.0","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]}],"articles":[{"title":"Windows Active Directory Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>How could an attacker exploit this vulnerability?</strong></p>\n<p>To exploit this vulnerability, an authenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires that an attacker needs to be in the same restricted Active Directory domain as the target system. The attack surface is not reachable from broader networks, which is why the attack vector is considered adjacent (AV:A).</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33826","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e0dbb2a2-e731-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000edf04286","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-33825","cveTitle":"Microsoft Defender Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-1220: Insufficient Granularity of Access Control"],"cweDetailsListForSearch":["cwe: CWE-1220: Insufficient Granularity of Access Control","cweUrl: https://cwe.mitre.org/data/definitions/1220.html"],"unformattedDescription":"Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-33825","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33825","publiclyDisclosed":"Yes","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Defender","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"7.0","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-1220: Insufficient Granularity of Access Control","https://cwe.mitre.org/data/definitions/1220.html"]}],"articles":[{"title":"Microsoft Defender Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<table>\n<thead>\n<tr>\n<th>References</th>\n<th>Identification</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>Last version of the Microsoft Defender Antimalware Platform affected by this vulnerability</td>\n<td>Version 4.18.26020.6</td>\n</tr>\n<tr>\n<td>First version of the Microsoft Defender Antimalware Platform with this vulnerability addressed</td>\n<td>Version 4.18.26030.3011</td>\n</tr>\n</tbody>\n</table>\n<p>See <a href=\"https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus\">Manage Updates Baselines Microsoft Defender Antivirus</a> for more information.</p>\n<p><strong>Microsoft Defender is disabled in my environment, why are vulnerability scanners showing that I am vulnerable to this issue?</strong></p>\n<p>Vulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Systems that have disabled Microsoft Defender are not in an exploitable state.</p>\n<p><strong>Why is no action required to install this update?</strong></p>\n<p>In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Windows Defender Antimalware Platform. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner.</p>\n<p>For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Windows Defender Antimalware Platform are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating.</p>\n<p>Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Windows Defender Antimalware Platform updates and malware definitions, is working as expected in their environment.</p>\n<p><strong>How often are the Microsoft Defender Antimalware Platform and malware definitions updated?</strong></p>\n<p>Microsoft typically releases an update for the Microsoft Defender Antimalware Platform once a month or as needed to protect against new threats. Microsoft also typically updates the malware definitions three times daily and can increase the frequency when needed.</p>\n<p>Depending on which Microsoft antimalware software is used and how it is configured, the software may search for platform, engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time.</p>\n<p><strong>What is the Microsoft Defender Antimalware Platform?</strong></p>\n<p>The Microsoft Defender Antimalware Platform is a collection of user-mode binaries (e.g. MsMpEng.exe) and kernel-mode drivers that run on top of Windows to keep devices protected against new and prevalent threats.</p>\n<p><strong>Microsoft Defender uses the Windows Defender Antimalware Platform. On which products is Defender installed and active by default?</strong></p>\n<p>Defender runs on all supported versions of Windows.</p>\n<p><strong>Are there other products that use the Microsoft Defender Antimalware Platform?</strong></p>\n<p>Yes, Microsoft System Center Endpoint Protection, Microsoft System Center 2012 R2 Endpoint Protection, Microsoft System Center 2012 Endpoint Protection and Microsoft Security Essentials.</p>\n<p><strong>Does this update contain any additional security-related changes to functionality?</strong></p>\n<p>Yes.\u00a0 In addition to the changes that are listed for this vulnerability, this update includes defense-in-depth updates to help improve security-related features.</p>\n<h2 id=\"suggested-actions\">Suggested Actions</h2>\n<p><strong>Verify that the update is installed</strong></p>\n<p>Customers should verify that the latest version of the Microsoft Malware Protection Platform and definition updates are being actively downloaded and installed for their Microsoft antimalware products.</p>\n<ol>\n<li>Open the Windows Security program. For example, type Security in the Search bar, and select the Windows Security program.</li>\n<li>In the navigation pane, select Virus &amp; threat protection.</li>\n<li>Then click on <strong>Protection Updates</strong> in the Virus &amp; threat protection section updates.</li>\n<li>Select <strong>Check for updates</strong>.</li>\n<li>In the navigation pane, select <strong>Settings</strong>, and then select <strong>About</strong>.</li>\n<li>Examine the <strong>Antimalware ClientVersion</strong> number. The update was successfully installed if the Malware Protection Platform version number or the signature package version number matches or exceeds the version number that you are trying to verify as installed.</li>\n</ol>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33825","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"099510d2-4330-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000f43788b3","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-33822","cveTitle":"Microsoft Word Information Disclosure Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.</p>\n","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"unformattedDescription":"Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.","mitreText":"CVE-2026-33822","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33822","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Word","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"6.1","temporalScore":"5.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"title":"Microsoft Office Word Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>\n<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the local memory address.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>\n<p>An attacker must send a user a malicious Office file and convince them to open it.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>\n<p>No, the Preview Pane is not an attack vector.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33822","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1b315fac-732f-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000021f041ff","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-33120","cveTitle":"Microsoft SQL Server Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.</p>\n","cweList":["CWE-822: Untrusted Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-822: Untrusted Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/822.html"],"unformattedDescription":"Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.","mitreText":"CVE-2026-33120","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33120","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"SQL Server","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-822: Untrusted Pointer Dereference","https://cwe.mitre.org/data/definitions/822.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SQL sysadmin privileges.</p>\n","ordinal":10000},{"title":"SQL Server Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p>\n<p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p>\n<p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p>\n<ul>\n<li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href=\"https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates\">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li>\n<li>Second, in the following table, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li>\n</ul>\n<p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product to apply this and future security updates.</p>\n<table>\n<thead>\n<tr>\n<th>Update Number</th>\n<th>Title</th>\n<th>Version</th>\n<th>Apply if current product version is\u2026</th>\n<th>This security update also includes servicing releases up through\u2026</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><strong>5083245</strong></td>\n<td>Security update for SQL Server 2025 CU3+GDR</td>\n<td>17.0.4030.1</td>\n<td>17.0.4006.2 - 17.0.4025.3</td>\n<td>KB5077896 -\u00a0Previous SQL2025 RTM CU3</td>\n</tr>\n<tr>\n<td><strong>5084814</strong></td>\n<td>Security update for SQL Server 2025 RTM+GDR</td>\n<td>17.0.1110.1</td>\n<td>17.0.1000.7 - 17.0.1105.2</td>\n<td>KB5077468 - Previous SQL2025 RTM GDR</td>\n</tr>\n<tr>\n<td><strong>5083252</strong></td>\n<td>Security update for SQL Server 2022 CU24+GDR</td>\n<td>16.0.4250.1</td>\n<td>16.0.4003.1 -\u00a016.0.4245.2</td>\n<td>KB5080999 - Previous SQL2022 RTM CU24</td>\n</tr>\n<tr>\n<td><strong>5084815</strong></td>\n<td>Security update for SQL Server 2022 RTM+GDR</td>\n<td>16.0.1175.1</td>\n<td>16.0.1000.6 -\u00a016.0.1170.5</td>\n<td>KB5077465 - Previous SQL2022 RTM GDR</td>\n</tr>\n<tr>\n<td><strong>5084816</strong></td>\n<td>Security update for SQL Server 2019 CU32+GDR</td>\n<td>15.0.4465.1</td>\n<td>15.0.4003.23 - 15.0.4460.4</td>\n<td>KB 5077469 - Previous SQL2019 RTM CU32 GDR</td>\n</tr>\n<tr>\n<td><strong>5084817</strong></td>\n<td>Security update for SQL Server 2019 RTM+GDR</td>\n<td>15.0.2165.1</td>\n<td>15.0.2000.5 -\u00a015.0.2160.4</td>\n<td>KB 5077470 - Previous SQL2019 RTM GDR</td>\n</tr>\n<tr>\n<td><strong>5084818</strong></td>\n<td>Security update for SQL Server 2017 CU31+GDR</td>\n<td>14.0.3525.1</td>\n<td>14.0.3006.16 - 14.0.3520.4</td>\n<td>KB 5077471 - Previous SQL2017 RTM CU31 GDR</td>\n</tr>\n<tr>\n<td><strong>5084819</strong></td>\n<td>Security update for SQL Server 2017 RTM+GDR</td>\n<td>14.0.2105.1</td>\n<td>14.0.1000.169 - 14.0.2100.4</td>\n<td>KB 5077472 - Previous SQL2017 RTM GDR</td>\n</tr>\n<tr>\n<td><strong>5084820</strong></td>\n<td>Security update for SQL Server 2016 Azure Connect Feature Pack+GDR</td>\n<td>13.0.7080.1</td>\n<td>13.0.7000.253 - 13.0.7075.5</td>\n<td>KB 5077473 - Previous SQL2016 Azure Connect Feature Pack\u00a0GDR</td>\n</tr>\n<tr>\n<td><strong>5084821</strong></td>\n<td>Security update for SQL Server 2016 SP3+GDR</td>\n<td>13.0.6485.1</td>\n<td>13.0.6300.2 - 13.0.6480.4</td>\n<td>KB 5077474 - Previous SQL2016 RTM GDR</td>\n</tr>\n</tbody>\n</table>\n<p><strong>What are the GDR and CU update designations and how do they differ?</strong></p>\n<p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p>\n<ul>\n<li>GDR updates \u2013 cumulatively only contain security updates for the given baseline.</li>\n<li>CU updates \u2013 cumulatively contain all functional fixes and security updates for the given baseline.</li>\n</ul>\n<p>For any given baseline, either the GDR or CU updates could be options (see below).</p>\n<ul>\n<li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li>\n<li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li>\n<li>If SQL Server installation has intentionally installed previous CU updates, then choose to install the CU security update package.</li>\n</ul>\n<p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p>\n<p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p>\n<p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33120","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8d8476f6-122e-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000e806f3b9","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-33116","cveTitle":".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.</p>\n","cweList":["CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')","CWE-400: Uncontrolled Resource Consumption","CWE-20: Improper Input Validation"],"cweDetailsListForSearch":["cwe: CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')","cweUrl: https://cwe.mitre.org/data/definitions/835.html","cwe: CWE-400: Uncontrolled Resource Consumption","cweUrl: https://cwe.mitre.org/data/definitions/400.html","cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html"],"unformattedDescription":"Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.","mitreText":"CVE-2026-33116","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33116","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":".NET, .NET Framework, Visual Studio","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000001,"impact":"Denial of Service","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')","https://cwe.mitre.org/data/definitions/835.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-400: Uncontrolled Resource Consumption","https://cwe.mitre.org/data/definitions/400.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]}],"articles":[{"title":".NET, .NET Framework, Visual Studio Denial of Service Vulnerability","articleType":"100000000","description":"<p>Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33116","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"47631fd6-ed2d-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000b3b3c4c6","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-33098","cveTitle":"Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-33098","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33098","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Container Isolation FS Filter Driver","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33098","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1fdb8392-5e29-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000a5253a6c","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-33096","cveTitle":"HTTP.sys Denial of Service Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.</p>\n","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"unformattedDescription":"Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.","mitreText":"CVE-2026-33096","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33096","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows HTTP.sys","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000001,"impact":"Denial of Service","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"title":"Windows HTTP.sys Denial of Service Vulnerability","articleType":"100000000","description":"<p>Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.</p>\n","ordinal":10000},{"articleType":"Mitigation","description":"<p><a href=\"https://www.microsoft.com/en-us/msrc/glossary#Mitigation\">Mitigation</a> refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability.</p>\n<p><strong>The following mitigating factors might help in your situation:</strong></p>\n<p><strong>Caution</strong> Follow these steps carefully. Serious problems might occur if you modify the registry incorrectly.</p>\n<p>To disable HTTP/3, remove the following registry values from the specified key:</p>\n<ol>\n<li>Open Registry Editor (regedit.exe).</li>\n<li>Navigate to HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\HTTP\\Parameters.</li>\n<li>Back up the key: select <strong>Parameters</strong>, then select <strong>File</strong> &gt; <strong>Export</strong>, and save the .reg file to a secure location.</li>\n<li>If present, delete the <strong>EnableHttp3</strong> value.</li>\n<li>If present, delete the <strong>EnableAltSvc</strong> value.</li>\n<li>Restart the device after making these changes.</li>\n</ol>\n<p>After the restart, all http.sys-based server applications on that device will no longer serve HTTP/3 clients.</p>\n<p>Note: If either value is not present, no change is required for that value.</p>\n<p><strong>Restore:</strong> To undo this change, double-click the exported .reg file (or in Registry Editor, select <strong>File</strong> &gt; <strong>Import</strong>) to restore the previous settings.</p>\n<p>After you install the security update, you no longer need this mitigation.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33096","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a88a28d0-5529-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00000ab192c9","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-33095","cveTitle":"Microsoft Word Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-33095","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33095","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Word","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>\n<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>\n<p>No, the Preview Pane is not an attack vector.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>\n<p>An attacker must send a user a malicious Office file and convince them to open it.</p>\n","ordinal":10000},{"title":"Microsoft Office Word Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33095","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9db74156-3929-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00005963c8d0","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32226","cveTitle":".NET Framework Denial of Service Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.","mitreText":"CVE-2026-32226","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32226","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":".NET Framework","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000001,"impact":"Denial of Service","langCode":"en-US","baseScore":"5.9","temporalScore":"5.2","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32226","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e6bc51d2-3729-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00008f4c1716","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32224","cveTitle":"Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32224","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32224","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Server Update Service","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"title":"Windows Server Update Service Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires that the target system be set up in a specific manner and the attacker to have knowledge of that setup.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32224","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d80ade52-3529-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000060aa0dfe","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32223","cveTitle":"Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-21T07:00:00-07:00","description":"<p>Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack.</p>\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack.","mitreText":"CVE-2026-32223","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32223","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows USB Print Driver","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"6.8","temporalScore":"5.9","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Windows USB Print Driver Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32223","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fd841ae7-3429-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-32223","version":1.1,"revisionDate":"2026-04-16T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Acknowledgement added. This is an informational change only.</p>\n","unformattedDescription":"Acknowledgement added. This is an informational change only.","notificationNeeded":false,"notificationSent":false,"sourceId":"94fc92c9-9e39-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-32223","version":1.3,"revisionDate":"2026-04-21T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Acknowledgement added. This is an informational change only.</p>\n","unformattedDescription":"Acknowledgement added. This is an informational change only.","notificationNeeded":false,"notificationSent":false,"sourceId":"d08b9478-a23d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000c535665b","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32222","cveTitle":"Windows Win32k Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-822: Untrusted Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-822: Untrusted Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/822.html"],"unformattedDescription":"Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32222","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32222","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Win32K - ICOMP","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-822: Untrusted Pointer Dereference","https://cwe.mitre.org/data/definitions/822.html"]}],"articles":[{"title":"Windows Win32K - ICOMP Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32222","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"409689b5-3429-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000096935c43","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32221","cveTitle":"Windows Graphics Component Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally.</p>\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-32221","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32221","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Graphics Component","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.4","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>\n<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>\n","ordinal":10000},{"title":"Microsoft Graphics Component Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32221","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5eb1941e-3429-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000fb1eb5a0","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32220","cveTitle":"UEFI Secure Boot Security Feature Bypass Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper access control in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.</p>\n","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"unformattedDescription":"Improper access control in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.","mitreText":"CVE-2026-32220","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32220","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Virtualization-Based Security (VBS) Enclave","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"4.4","temporalScore":"3.9","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[{"title":"Windows Virtualization-Based Security (VBS) Enclave Security Feature Bypass Vulnerability","articleType":"100000000","description":"<p>Improper access control in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could bypass the <a href=\"https://learn.microsoft.com/windows-hardware/design/device-experiences/oem-vbs\">Virtualization-based Security</a> feature.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32220","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c906d6dc-3329-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00006d389858","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32219","cveTitle":"Microsoft Brokering File System Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-415: Double Free","CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-415: Double Free","cweUrl: https://cwe.mitre.org/data/definitions/415.html","cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32219","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32219","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Brokering File System","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-415: Double Free","https://cwe.mitre.org/data/definitions/415.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"title":"Microsoft Brokering File System Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32219","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"485810a0-3329-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000051642dbf","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2023-20585","cveTitle":"AMD: CVE-2023-20585 IOMMU Write Buffer Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>The vulnerability assigned to this CVE could lead to corruption of guest encrypted memory. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability.</p>\n<p>Please see the following for more information:</p>\n<ul>\n<li>[https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3016.html]</li>\n</ul>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"The vulnerability assigned to this CVE could lead to corruption of guest encrypted memory. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability. \n\nPlease see the following for more information:\n\n* [https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3016.html]","mitreText":"CVE-2023-20585","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2023-20585","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Input-Output Memory Management Unit (IOMMU)","issuingCna":"AMD","issuingCnaId":100000002,"severityId":100000001,"severity":"Important","impactId":100000009,"impact":"Tampering","langCode":"en-US","baseScore":"5.3","temporalScore":"4.6","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"title":"Input-Output Memory Management Unit (IOMMU) Tampering Vulnerability","articleType":"100000000","description":"<p>No cwe for this issue in Input-Output Memory Management Unit (IOMMU) allows an authorized attacker to perform tampering locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2023-20585","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6b2745a2-3029-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000d2c3f0b5","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32218","cveTitle":"Windows Kernel Information Disclosure Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.</p>\n","cweList":["CWE-532: Insertion of Sensitive Information into Log File"],"cweDetailsListForSearch":["cwe: CWE-532: Insertion of Sensitive Information into Log File","cweUrl: https://cwe.mitre.org/data/definitions/532.html"],"unformattedDescription":"Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-32218","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32218","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Kernel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-532: Insertion of Sensitive Information into Log File","https://cwe.mitre.org/data/definitions/532.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>\n<p>Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.</p>\n","ordinal":10000},{"title":"Windows Kernel Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32218","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8182b52f-2e29-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000f3d76f73","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32217","cveTitle":"Windows Kernel Information Disclosure Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.</p>\n","cweList":["CWE-532: Insertion of Sensitive Information into Log File"],"cweDetailsListForSearch":["cwe: CWE-532: Insertion of Sensitive Information into Log File","cweUrl: https://cwe.mitre.org/data/definitions/532.html"],"unformattedDescription":"Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-32217","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32217","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Kernel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-532: Insertion of Sensitive Information into Log File","https://cwe.mitre.org/data/definitions/532.html"]}],"articles":[{"title":"Windows Kernel Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>\n<p>Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32217","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3cf1971e-2e29-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00005863c8d0","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32216","cveTitle":"Windows Redirected Drive Buffering System Denial of Service Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally.</p>\n","cweList":["CWE-476: NULL Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-476: NULL Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/476.html"],"unformattedDescription":"Null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally.","mitreText":"CVE-2026-32216","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32216","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Redirected Drive Buffering","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000002,"severity":"Moderate","impactId":100000001,"impact":"Denial of Service","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-476: NULL Pointer Dereference","https://cwe.mitre.org/data/definitions/476.html"]}],"articles":[{"title":"Windows Redirected Drive Buffering Denial of Service Vulnerability","articleType":"100000000","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32216","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"43568df4-2d29-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000029c1beb8","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32215","cveTitle":"Windows Kernel Information Disclosure Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.</p>\n","cweList":["CWE-532: Insertion of Sensitive Information into Log File"],"cweDetailsListForSearch":["cwe: CWE-532: Insertion of Sensitive Information into Log File","cweUrl: https://cwe.mitre.org/data/definitions/532.html"],"unformattedDescription":"Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-32215","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32215","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Kernel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-532: Insertion of Sensitive Information into Log File","https://cwe.mitre.org/data/definitions/532.html"]}],"articles":[{"title":"Windows Kernel Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>\n<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32215","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"068d2c5c-2529-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000c335665b","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32202","cveTitle":"Windows Shell Spoofing Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-27T07:00:00-07:00","description":"<p>Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.</p>\n","cweList":["CWE-693: Protection Mechanism Failure"],"cweDetailsListForSearch":["cwe: CWE-693: Protection Mechanism Failure","cweUrl: https://cwe.mitre.org/data/definitions/693.html"],"unformattedDescription":"Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-32202","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32202","publiclyDisclosed":"No","exploited":"Yes","latestSoftwareReleaseId":0,"latestSoftwareRelease":"Exploitation Detected","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Shell","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"4.3","temporalScore":"4.0","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-693: Protection Mechanism Failure","https://cwe.mitre.org/data/definitions/693.html"]}],"articles":[{"title":"Windows Shell Spoofing Vulnerability","articleType":"100000000","description":"<p>Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p>\n<p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>\n<p>An attacker would have to send the victim a malicious file that the victim would have to execute.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32202","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b0682f10-1127-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-32202","version":1.1,"revisionDate":"2026-04-27T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Corrected the Exploitability Index, Exploited flag and CVSS vector which was incorrect at the time of publication on 4/14/2026. This is an informational change only.</p>\n","unformattedDescription":"Corrected the Exploitability Index, Exploited flag and CVSS vector which was incorrect at the time of publication on 4/14/2026. This is an informational change only.","notificationNeeded":true,"notificationSent":true,"sourceId":"781d2b8d-7d42-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000030a9fcd1","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32195","cveTitle":"Windows Kernel Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-121: Stack-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-121: Stack-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/121.html"],"unformattedDescription":"Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32195","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32195","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Kernel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-121: Stack-based Buffer Overflow","https://cwe.mitre.org/data/definitions/121.html"]}],"articles":[{"title":"Windows Kernel Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32195","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4b2ecb7b-bc23-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00006dd99044","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32192","cveTitle":"Azure Monitor Agent Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-502: Deserialization of Untrusted Data"],"cweDetailsListForSearch":["cwe: CWE-502: Deserialization of Untrusted Data","cweUrl: https://cwe.mitre.org/data/definitions/502.html"],"unformattedDescription":"Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32192","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32192","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Azure Monitor Agent","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-502: Deserialization of Untrusted Data","https://cwe.mitre.org/data/definitions/502.html"]}],"articles":[{"title":"Azure Monitor Agent Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32192","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6b8fd626-b123-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00007320d671","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32189","cveTitle":"Microsoft Excel Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-32189","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32189","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Excel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Microsoft Office Excel Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>\n<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>\n<p>An attacker must send a user a malicious Office file and convince them to open it.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>\n<p>No, the Preview Pane is not an attack vector.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32189","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"58644e49-9e23-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00000e957d14","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32188","cveTitle":"Microsoft Excel Information Disclosure Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.</p>\n","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"unformattedDescription":"Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.","mitreText":"CVE-2026-32188","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32188","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Excel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"7.1","temporalScore":"6.2","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>\n<p>An attacker must send a user a malicious Office file and convince them to open it.</p>\n","ordinal":10000},{"title":"Microsoft Office Excel Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>\n<p>No, the Preview Pane is not an attack vector.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32188","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cf013c0b-9e23-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000ca1da474","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32184","cveTitle":"Microsoft High Performance Compute (HPC) Pack Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-502: Deserialization of Untrusted Data"],"cweDetailsListForSearch":["cwe: CWE-502: Deserialization of Untrusted Data","cweUrl: https://cwe.mitre.org/data/definitions/502.html"],"unformattedDescription":"Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32184","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32184","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft High Performance Compute Pack (HPC)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-502: Deserialization of Untrusted Data","https://cwe.mitre.org/data/definitions/502.html"]}],"articles":[{"title":"Microsoft High Performance Compute Pack (HPC) Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What do customers need to do to mitigate this vulnerability?</strong></p>\n<p>Customers should install the latest security update for <strong>HPC Pack 2019 Update 3</strong> on affected systems. Microsoft has released HPC Pack 2019 Update 3 Fixes (<strong>Build 6.3.8355</strong>), which includes all previously released fixes for this vulnerability. Customers running HPC Pack 2019 Update 3 can apply this update directly, regardless of whether earlier fixes were installed. Customers using earlier versions of HPC Pack must first upgrade to HPC Pack 2019 Update 3 (Build 6.3.8328) before applying the fix. HPC Pack 2016 is not supported for this update; customers using that version must migrate to HPC Pack 2019 Update 3 to be protected. This update applies <strong>only to head nodes</strong> and updates a limited set of binaries related to the HPC Scheduler and Management services. Other node types are not affected and do not require action.</p>\n<p><strong>Is a fix available for HPC Pack 2016?</strong></p>\n<p>No. There are no QFE updates available for HPC Pack 2016. Customers using HPC Pack 2016 must migrate to HPC Pack 2019 Update 3 and then apply the available QFE to receive the fix.</p>\n<p><strong>Do I need to apply the QFE to all nodes in an HPC Pack cluster?</strong></p>\n<p>No. The QFE only needs to be applied to the head nodes of the HPC Pack cluster. Compute nodes are not affected and do not require the update.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32184","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9564a2e1-be22-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000d164e9a1","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32183","cveTitle":"Windows Snipping Tool Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper neutralization of special elements used in a command ('command injection') in Windows Snipping Tool allows an unauthorized attacker to execute code locally.</p>\n","cweList":["CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"],"cweDetailsListForSearch":["cwe: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')","cweUrl: https://cwe.mitre.org/data/definitions/77.html"],"unformattedDescription":"Improper neutralization of special elements used in a command ('command injection') in Windows Snipping Tool allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-32183","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32183","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Snipping Tool","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')","https://cwe.mitre.org/data/definitions/77.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>\n<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>\n<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>\n","ordinal":10000},{"title":"Windows Snipping Tool Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Improper neutralization of special elements used in a command ('command injection') in Windows Snipping Tool allows an unauthorized attacker to execute code locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32183","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"590939b1-4f22-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00009b7b9a5c","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32181","cveTitle":"Connected User Experiences and Telemetry Service Denial of Service Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally.</p>\n","cweList":["CWE-269: Improper Privilege Management"],"cweDetailsListForSearch":["cwe: CWE-269: Improper Privilege Management","cweUrl: https://cwe.mitre.org/data/definitions/269.html"],"unformattedDescription":"Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally.","mitreText":"CVE-2026-32181","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32181","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Windows","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000001,"impact":"Denial of Service","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-269: Improper Privilege Management","https://cwe.mitre.org/data/definitions/269.html"]}],"articles":[{"title":"Microsoft Windows Denial of Service Vulnerability","articleType":"100000000","description":"<p>Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32181","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9faa1030-4922-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000015957d14","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32178","cveTitle":".NET Spoofing Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.</p>\n","cweList":["CWE-138: Improper Neutralization of Special Elements"],"cweDetailsListForSearch":["cwe: CWE-138: Improper Neutralization of Special Elements","cweUrl: https://cwe.mitre.org/data/definitions/138.html"],"unformattedDescription":"Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-32178","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32178","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":".NET","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-138: Improper Neutralization of Special Elements","https://cwe.mitre.org/data/definitions/138.html"]}],"articles":[{"title":".NET Spoofing Vulnerability","articleType":"100000000","description":"<p>Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32178","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4c676b6a-3f22-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000014957d14","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32168","cveTitle":"Azure Monitor Agent Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-20: Improper Input Validation"],"cweDetailsListForSearch":["cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html"],"unformattedDescription":"Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32168","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32168","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Azure Monitor Agent","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]}],"articles":[{"title":"Azure Monitor Agent Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could an attacker gain with successful exploitation?</strong></p>\n<p>An attacker who successfully exploited the vulnerability could elevate their privileges to 'root' user.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>How could an attacker exploit this vulnerability?</strong></p>\n<p>An attacker with the ability to run code as the syslog user on an affected Azure Linux Virtual Machine could modify specific configuration files used by the Azure Monitor agent. The agent processes these files with root\u2011level permissions and does not properly validate their contents, a malicious modification could cause the agent to execute unintended commands with elevated privileges. If exploited, the attacker could gain root access on the affected VM.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32168","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6d77e8e5-ec1e-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00006b924b17","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32167","cveTitle":"SQL Server Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"cweDetailsListForSearch":["cwe: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","cweUrl: https://cwe.mitre.org/data/definitions/89.html"],"unformattedDescription":"Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32167","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32167","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"SQL Server","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"6.7","temporalScore":"5.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","https://cwe.mitre.org/data/definitions/89.html"]}],"articles":[{"title":"SQL Server Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SQL sysadmin privileges.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p>\n<p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p>\n<p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p>\n<ul>\n<li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href=\"https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates\">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li>\n<li>Second, in the following table, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li>\n</ul>\n<p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product to apply this and future security updates.</p>\n<table>\n<thead>\n<tr>\n<th>Update Number</th>\n<th>Title</th>\n<th>Version</th>\n<th>Apply if current product version is\u2026</th>\n<th>This security update also includes servicing releases up through\u2026</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><strong>5083245</strong></td>\n<td>Security update for SQL Server 2025 CU3+GDR</td>\n<td>17.0.4030.1</td>\n<td>17.0.4006.2 - 17.0.4025.3</td>\n<td>KB5077896 -\u00a0Previous SQL2025 RTM CU3</td>\n</tr>\n<tr>\n<td><strong>5084814</strong></td>\n<td>Security update for SQL Server 2025 RTM+GDR</td>\n<td>17.0.1110.1</td>\n<td>17.0.1000.7 - 17.0.1105.2</td>\n<td>KB5077468 - Previous SQL2025 RTM GDR</td>\n</tr>\n<tr>\n<td><strong>5083252</strong></td>\n<td>Security update for SQL Server 2022 CU24+GDR</td>\n<td>16.0.4250.1</td>\n<td>16.0.4003.1 -\u00a016.0.4245.2</td>\n<td>KB5080999 - Previous SQL2022 RTM CU24</td>\n</tr>\n<tr>\n<td><strong>5084815</strong></td>\n<td>Security update for SQL Server 2022 RTM+GDR</td>\n<td>16.0.1175.1</td>\n<td>16.0.1000.6 -\u00a016.0.1170.5</td>\n<td>KB5077465 - Previous SQL2022 RTM GDR</td>\n</tr>\n<tr>\n<td><strong>5084816</strong></td>\n<td>Security update for SQL Server 2019 CU32+GDR</td>\n<td>15.0.4465.1</td>\n<td>15.0.4003.23 - 15.0.4460.4</td>\n<td>KB 5077469 - Previous SQL2019 RTM CU32 GDR</td>\n</tr>\n<tr>\n<td><strong>5084817</strong></td>\n<td>Security update for SQL Server 2019 RTM+GDR</td>\n<td>15.0.2165.1</td>\n<td>15.0.2000.5 -\u00a015.0.2160.4</td>\n<td>KB 5077470 - Previous SQL2019 RTM GDR</td>\n</tr>\n<tr>\n<td><strong>5084818</strong></td>\n<td>Security update for SQL Server 2017 CU31+GDR</td>\n<td>14.0.3525.1</td>\n<td>14.0.3006.16 - 14.0.3520.4</td>\n<td>KB 5077471 - Previous SQL2017 RTM CU31 GDR</td>\n</tr>\n<tr>\n<td><strong>5084819</strong></td>\n<td>Security update for SQL Server 2017 RTM+GDR</td>\n<td>14.0.2105.1</td>\n<td>14.0.1000.169 - 14.0.2100.4</td>\n<td>KB 5077472 - Previous SQL2017 RTM GDR</td>\n</tr>\n<tr>\n<td><strong>5084820</strong></td>\n<td>Security update for SQL Server 2016 Azure Connect Feature Pack+GDR</td>\n<td>13.0.7080.1</td>\n<td>13.0.7000.253 - 13.0.7075.5</td>\n<td>KB 5077473 - Previous SQL2016 Azure Connect Feature Pack\u00a0GDR</td>\n</tr>\n<tr>\n<td><strong>5084821</strong></td>\n<td>Security update for SQL Server 2016 SP3+GDR</td>\n<td>13.0.6485.1</td>\n<td>13.0.6300.2 - 13.0.6480.4</td>\n<td>KB 5077474 - Previous SQL2016 RTM GDR</td>\n</tr>\n</tbody>\n</table>\n<p><strong>What are the GDR and CU update designations and how do they differ?</strong></p>\n<p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p>\n<ul>\n<li>GDR updates \u2013 cumulatively only contain security updates for the given baseline.</li>\n<li>CU updates \u2013 cumulatively contain all functional fixes and security updates for the given baseline.</li>\n</ul>\n<p>For any given baseline, either the GDR or CU updates could be options (see below).</p>\n<ul>\n<li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li>\n<li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li>\n<li>If SQL Server installation has intentionally installed previous CU updates, then choose to install the CU security update package.</li>\n</ul>\n<p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p>\n<p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p>\n<p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32167","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b4ea3b30-621e-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000035a9fcd1","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32165","cveTitle":"Windows User Interface Core Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free","CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html","cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32165","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32165","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows User Interface Core","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained (&quot;sandboxed&quot;) execution environment to a Medium Integrity Level. Please refer to <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation\">AppContainer isolation</a> and <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control\">Mandatory Integrity Control</a> for more information.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>\n<p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation\">AppContainer Isolation</a> for more information.</p>\n","ordinal":10000},{"title":"Windows User Interface Core Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32165","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6498a31a-521e-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000621ed3be","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-0390","cveTitle":"UEFI Secure Boot Security Feature Bypass Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.</p>\n","cweList":["CWE-807: Reliance on Untrusted Inputs in a Security Decision"],"cweDetailsListForSearch":["cwe: CWE-807: Reliance on Untrusted Inputs in a Security Decision","cweUrl: https://cwe.mitre.org/data/definitions/807.html"],"unformattedDescription":"Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.","mitreText":"CVE-2026-0390","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-0390","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Boot Loader","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"6.7","temporalScore":"5.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-807: Reliance on Untrusted Inputs in a Security Decision","https://cwe.mitre.org/data/definitions/807.html"]}],"articles":[{"title":"Windows Boot Loader Security Feature Bypass Vulnerability","articleType":"100000000","description":"<p>Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.</p>\n","ordinal":10000},{"title":"Authentication Bypass","articleType":"FAQ","description":"<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>\n<p>The authentication feature could be bypassed as this vulnerability allows impersonation.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-0390","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"79190f25-481e-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00003cf041ff","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32160","cveTitle":"Windows Push Notifications Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32160","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32160","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Push Notifications","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"title":"Windows Push Notifications Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>\n<p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p>\n","ordinal":10002}],"revisions":[{"cveNumber":"CVE-2026-32160","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3b560aaf-081d-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00007820d671","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32159","cveTitle":"Windows Push Notifications Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32159","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32159","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Push Notifications","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Push Notifications Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>\n<p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p>\n","ordinal":10002}],"revisions":[{"cveNumber":"CVE-2026-32159","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3cfad690-081d-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000013957d14","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32158","cveTitle":"Windows Push Notifications Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32158","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32158","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Push Notifications","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>\n<p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation\">AppContainer Isolation</a> for more information.</p>\n","ordinal":10000},{"title":"Windows Push Notifications Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32158","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"add8d42b-081d-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00006a924b17","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32157","cveTitle":"Remote Desktop Client Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-32157","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32157","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Remote Desktop Client","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>\n<p>This attack requires an authorized user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p>\n","ordinal":10000},{"title":"Remote Desktop Client Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>How could an attacker exploit this vulnerability?</strong></p>\n<p>In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with a vulnerable Remote Desktop Client.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32157","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6cc241ef-071d-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00000507f3b9","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32156","cveTitle":"Windows UPnP Device Host Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-32156","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32156","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Universal Plug and Play (UPnP) Device Host","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.4","temporalScore":"6.4","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Universal Plug and Play (UPnP) Device Host Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>\n<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32156","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"64638bcc-021d-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000cf1da474","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32154","cveTitle":"Desktop Window Manager Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32154","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32154","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Desktop Window Manager","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Desktop Window Manager Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32154","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1d9c5b70-021d-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000071d99044","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32152","cveTitle":"Desktop Window Manager Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32152","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32152","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Desktop Window Manager","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Desktop Window Manager Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32152","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"41b95a26-021d-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000cd6c7f99","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32093","cveTitle":"Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition","CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html","cwe: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition","cweUrl: https://cwe.mitre.org/data/definitions/367.html","cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32093","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32093","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Function Discovery Service (fdwsd.dll)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition","https://cwe.mitre.org/data/definitions/367.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32093","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0432f365-ea1c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000fc0e89b1","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32090","cveTitle":"Windows Speech Brokered Api Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32090","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32090","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Speech Brokered Api","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Speech Brokered Api Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32090","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"25197e9b-e91c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00006e286c69","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32089","cveTitle":"Windows Speech Brokered Api Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free","CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html","cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Use after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32089","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32089","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Speech Brokered Api","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"title":"Windows Speech Brokered Api Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32089","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"19cb5274-e91c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000609ae10e","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32087","cveTitle":"Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Heap-based buffer overflow in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32087","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32087","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Function Discovery Service (fdwsd.dll)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Heap-based buffer overflow in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32087","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2a547097-e81c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00002ab192c9","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32085","cveTitle":"Remote Procedure Call Information Disclosure Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an authorized attacker to disclose information locally.</p>\n","cweList":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"],"cweDetailsListForSearch":["cwe: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweUrl: https://cwe.mitre.org/data/definitions/200.html"],"unformattedDescription":"Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-32085","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32085","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Remote Procedure Call","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","https://cwe.mitre.org/data/definitions/200.html"]}],"articles":[{"title":"Windows Remote Procedure Call Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an authorized attacker to disclose information locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p>\n<p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>\n<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the local memory address.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32085","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f33fc74d-e81c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000cc6c7f99","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32083","cveTitle":"Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32083","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32083","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows SSDP Service","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"title":"Windows SSDP Service Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32083","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8baf3f15-e81c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000031f8d7f6","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32082","cveTitle":"Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32082","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32082","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows SSDP Service","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"title":"Windows SSDP Service Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"title":"Windows SSDP Service Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32082","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4ece2bf6-e71c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000096833054","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32081","cveTitle":"Package Catalog Information Disclosure Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.</p>\n","cweList":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"],"cweDetailsListForSearch":["cwe: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweUrl: https://cwe.mitre.org/data/definitions/200.html"],"unformattedDescription":"Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-32081","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32081","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows File Explorer","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","https://cwe.mitre.org/data/definitions/200.html"]}],"articles":[{"title":"Windows File Explorer Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>\n<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is an address from an object operating at a High Integrity Level in a contained (&quot;sandboxed&quot;) execution environment.</p>\n<p>Please refer to <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation\">AppContainer isolation</a> and <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control\">Mandatory Integrity Control</a>  for more information.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32081","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f308dde0-e71c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000031b192c9","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32075","cveTitle":"Windows UPnP Device Host Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32075","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32075","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Universal Plug and Play (UPnP) Device Host","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>A high attack complexity means that successful exploitation is complex and time\u2011consuming, requiring significant effort and precise conditions for an attacker to reliably exploit the vulnerability.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32075","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d5b48c96-e61c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000d36c7f99","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32073","cveTitle":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32073","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32073","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Ancillary Function Driver for WinSock","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability, even as a standard user.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32073","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cf108c60-e61c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00009d833054","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32071","cveTitle":"Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.</p>\n","cweList":["CWE-476: NULL Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-476: NULL Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/476.html"],"unformattedDescription":"Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.","mitreText":"CVE-2026-32071","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32071","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Local Security Authority Subsystem Service (LSASS)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000001,"impact":"Denial of Service","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-476: NULL Pointer Dereference","https://cwe.mitre.org/data/definitions/476.html"]}],"articles":[{"title":"Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability","articleType":"100000000","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32071","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f3f13607-e61c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000b49c4274","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-27931","cveTitle":"Windows GDI Information Disclosure Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.</p>\n","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"unformattedDescription":"Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.","mitreText":"CVE-2026-27931","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27931","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows GDI","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"title":"Windows GDI Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>\n<p>This vulnerability may allow an attacker to access small portions of memory from the affected application when it processes a specially crafted Enhanced Metafile (EMF). This issue is an out\u2011of\u2011bounds read, any disclosure would be limited to whatever data happens to reside in adjacent memory at the time.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>\n<p>The user would have to open or preview content that contains the malicious Enhanced Metafile (EMF).</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-27931","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c9abf004-e01c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000ddf7065f","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-27929","cveTitle":"Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Time-of-check time-of-use (toctou) race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition"],"cweDetailsListForSearch":["cwe: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition","cweUrl: https://cwe.mitre.org/data/definitions/367.html"],"unformattedDescription":"Time-of-check time-of-use (toctou) race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-27929","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27929","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows LUAFV","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition","https://cwe.mitre.org/data/definitions/367.html"]}],"articles":[{"title":"Windows LUAFV Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Time-of-check time-of-use (toctou) race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-27929","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ce6c87a9-df1c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00007fb3f32e","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-27927","cveTitle":"Windows Projected File System Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File System allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File System allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-27927","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27927","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Projected File System","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Projected File System Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File System allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-27927","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ed664a4c-df1c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000e43e4c8c","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-27926","cveTitle":"Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-27926","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27926","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Cloud Files Mini Filter Driver","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-27926","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fa4bfc0f-df1c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000ae55fd46","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-27924","cveTitle":"Desktop Window Manager Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-27924","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27924","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Desktop Window Manager","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"title":"Desktop Window Manager Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-27924","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4c3d473b-de1c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000b59c4274","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-27921","cveTitle":"Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-27921","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27921","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows TCP/IP","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows TCP/IP Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-27921","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cbbd3519-dd1c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000daf7065f","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-27919","cveTitle":"Windows UPnP Device Host Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-822: Untrusted Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-822: Untrusted Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/822.html"],"unformattedDescription":"Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-27919","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27919","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Universal Plug and Play (UPnP) Device Host","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-822: Untrusted Pointer Dereference","https://cwe.mitre.org/data/definitions/822.html"]}],"articles":[{"title":"Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-27919","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"98085b78-dc1c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00003f835fbc","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-27918","cveTitle":"Windows Shell Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-27918","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27918","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Shell","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"title":"Windows Shell Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-27918","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a4a2e23b-dc1c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00007cb3f32e","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-27917","cveTitle":"Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-27917","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27917","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"title":"Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-27917","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"022ce31d-dc1c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000046caa4e9","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-27915","cveTitle":"Windows UPnP Device Host Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-27915","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27915","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Universal Plug and Play (UPnP) Device Host","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploits this vulnerability could gain access to a limited set of administrator-protected objects.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-27915","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6bd4fa68-db1c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000040835fbc","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-27908","cveTitle":"Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Windows TDI Translation Driver (tdx.sys) allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows TDI Translation Driver (tdx.sys) allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-27908","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27908","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows TDI Translation Driver (tdx.sys)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"title":"Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows TDI Translation Driver (tdx.sys) allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-27908","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"56ad9734-d61c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00007db3f32e","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-27907","cveTitle":"Windows Storage Spaces Controller Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-191: Integer Underflow (Wrap or Wraparound)"],"cweDetailsListForSearch":["cwe: CWE-191: Integer Underflow (Wrap or Wraparound)","cweUrl: https://cwe.mitre.org/data/definitions/191.html"],"unformattedDescription":"Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-27907","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27907","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Storage Spaces Controller","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-191: Integer Underflow (Wrap or Wraparound)","https://cwe.mitre.org/data/definitions/191.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"title":"Windows Storage Spaces Controller Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-27907","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ddc1334d-d51c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000e23e4c8c","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-27906","cveTitle":"Windows Hello Security Feature Bypass Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper input validation in Windows Hello allows an authorized attacker to bypass a security feature locally.</p>\n","cweList":["CWE-20: Improper Input Validation"],"cweDetailsListForSearch":["cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html"],"unformattedDescription":"Improper input validation in Windows Hello allows an authorized attacker to bypass a security feature locally.","mitreText":"CVE-2026-27906","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27906","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Hello","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"4.4","temporalScore":"3.9","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]}],"articles":[{"title":"Windows Hello Security Feature Bypass Vulnerability","articleType":"100000000","description":"<p>Improper input validation in Windows Hello allows an authorized attacker to bypass a security feature locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>\n<p>This vulnerability could allow an attacker with administrative control of the operating system to bypass protection mechanisms that rely on trusted, non\u2011rollback TPM counters. Specifically, it could undermine Windows Hello\u2019s safeguards that prevent reuse of pre\u2011generated authentication keys and Recall\u2019s protections against loading older, potentially tampered\u2011with settings.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-27906","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"99118e19-d51c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00002846e1fc","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26183","cveTitle":"Remote Access Management service/API (RPC server) Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"unformattedDescription":"Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-26183","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26183","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows RPC API","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"title":"Windows RPC API Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26183","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b2e1beed-d31c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000f25c92b7","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26181","cveTitle":"Microsoft Brokering File System Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free","CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html","cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-26181","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26181","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Brokering File System","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"title":"Microsoft Brokering File System Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26181","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"09fde9d8-d21c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000057e8ea14","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26180","cveTitle":"Windows Kernel Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-26180","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26180","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Kernel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Windows Kernel Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26180","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e3449c94-d21c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000d901cecc","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26179","cveTitle":"Windows Kernel Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-415: Double Free"],"cweDetailsListForSearch":["cwe: CWE-415: Double Free","cweUrl: https://cwe.mitre.org/data/definitions/415.html"],"unformattedDescription":"Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-26179","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26179","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Kernel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-415: Double Free","https://cwe.mitre.org/data/definitions/415.html"]}],"articles":[{"title":"Windows Kernel Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26179","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f630e350-d21c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000958af42c","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26175","cveTitle":"Windows Boot Manager Security Feature Bypass Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack.</p>\n","cweList":["CWE-908: Use of Uninitialized Resource"],"cweDetailsListForSearch":["cwe: CWE-908: Use of Uninitialized Resource","cweUrl: https://cwe.mitre.org/data/definitions/908.html"],"unformattedDescription":"Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack.","mitreText":"CVE-2026-26175","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26175","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Boot Manager","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"4.6","temporalScore":"4.0","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-908: Use of Uninitialized Resource","https://cwe.mitre.org/data/definitions/908.html"]}],"articles":[{"title":"Windows Boot Manager Security Feature Bypass Vulnerability","articleType":"100000000","description":"<p>Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26175","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6f6f52c2-d11c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000fa154d8a","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26174","cveTitle":"Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Update Service allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Update Service allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-26174","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26174","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Server Update Service","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"title":"Windows Server Update Service Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Update Service allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires that the target system be set up in a specific manner and the attacker to have knowledge of that setup.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26174","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b8e7a795-d11c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000ca734372","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26167","cveTitle":"Windows Push Notifications Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-26167","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26167","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Push Notifications","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>\n<p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation\">AppContainer Isolation</a> for more information.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained (&quot;sandboxed&quot;) execution environment to a Medium Integrity Level. Please refer to <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation\">AppContainer isolation</a> and <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control\">Mandatory Integrity Control</a> for more information.</p>\n","ordinal":10000},{"title":"Windows Push Notifications Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26167","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"91a9f331-cf1c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00002fff9bcf","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26166","cveTitle":"Windows Shell Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Double free in Windows Shell allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-415: Double Free"],"cweDetailsListForSearch":["cwe: CWE-415: Double Free","cweUrl: https://cwe.mitre.org/data/definitions/415.html"],"unformattedDescription":"Double free in Windows Shell allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-26166","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26166","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Shell","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-415: Double Free","https://cwe.mitre.org/data/definitions/415.html"]}],"articles":[{"title":"Windows Shell Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Double free in Windows Shell allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26166","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"db654f51-ce1c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000948af42c","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26165","cveTitle":"Windows Shell Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Windows Shell allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Shell allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-26165","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26165","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Shell","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Shell Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows Shell allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26165","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"718c0024-ce1c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00009bd1395a","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26162","cveTitle":"Windows OLE Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')"],"cweDetailsListForSearch":["cwe: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')","cweUrl: https://cwe.mitre.org/data/definitions/843.html"],"unformattedDescription":"Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-26162","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26162","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows OLE","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')","https://cwe.mitre.org/data/definitions/843.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"title":"Windows OLE Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26162","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"abb2ae8b-cd1c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000005d92b7","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26161","cveTitle":"Windows Sensor Data Service Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-822: Untrusted Pointer Dereference","CWE-20: Improper Input Validation"],"cweDetailsListForSearch":["cwe: CWE-822: Untrusted Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/822.html","cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html"],"unformattedDescription":"Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-26161","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26161","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Sensor Data Service","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-822: Untrusted Pointer Dereference","https://cwe.mitre.org/data/definitions/822.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]}],"articles":[{"title":"Windows Sensor Data Service Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26161","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fea593c9-cc1c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000065e8ea14","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26160","cveTitle":"Remote Desktop Licensing Service Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-306: Missing Authentication for Critical Function"],"cweDetailsListForSearch":["cwe: CWE-306: Missing Authentication for Critical Function","cweUrl: https://cwe.mitre.org/data/definitions/306.html"],"unformattedDescription":"Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-26160","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26160","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Remote Desktop Licensing Service","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-306: Missing Authentication for Critical Function","https://cwe.mitre.org/data/definitions/306.html"]}],"articles":[{"title":"Windows Remote Desktop Licensing Service Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26160","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bcc56265-cc1c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000938af42c","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26155","cveTitle":"Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","cweList":["CWE-126: Buffer Over-read"],"cweDetailsListForSearch":["cwe: CWE-126: Buffer Over-read","cweUrl: https://cwe.mitre.org/data/definitions/126.html"],"mitreText":"CVE-2026-26155","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26155","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Local Security Authority Subsystem Service (LSASS)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"6.5","temporalScore":"5.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-126: Buffer Over-read","https://cwe.mitre.org/data/definitions/126.html"]}],"articles":[{"title":"Windows Local Security Authority Subsystem Service (LSASS) Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Buffer over-read in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to disclose information over a network.</p>\n","ordinal":10000},{"title":"Windows Local Security Authority Subsystem Service (LSASS) Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Buffer over-read in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to disclose information over a network.</p>\n","ordinal":10000},{"title":"Windows Local Security Authority Subsystem Service (LSASS) Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Buffer over-read in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to disclose information over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26155","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"de4e3fa0-cb1c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000f8154d8a","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26154","cveTitle":"Windows Server Update Service (WSUS) Tampering Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.</p>\n","cweList":["CWE-20: Improper Input Validation"],"cweDetailsListForSearch":["cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html"],"unformattedDescription":"Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.","mitreText":"CVE-2026-26154","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26154","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Server Update Service","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000009,"impact":"Tampering","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of availability (A:H). What does that mean for this vulnerability?</strong></p>\n<p>An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS).</p>\n","ordinal":10000},{"title":"Windows Server Update Service Tampering Vulnerability","articleType":"100000000","description":"<p>Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26154","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4e45eb60-cb1c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000ff5c92b7","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26151","cveTitle":"Remote Desktop Spoofing Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network.</p>\n","cweList":["CWE-357: Insufficient UI Warning of Dangerous Operations"],"cweDetailsListForSearch":["cwe: CWE-357: Insufficient UI Warning of Dangerous Operations","cweUrl: https://cwe.mitre.org/data/definitions/357.html"],"unformattedDescription":"Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-26151","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26151","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Remote Desktop","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"7.1","temporalScore":"6.2","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-357: Insufficient UI Warning of Dangerous Operations","https://cwe.mitre.org/data/definitions/357.html"]}],"articles":[{"title":"Windows Remote Desktop Spoofing Vulnerability","articleType":"100000000","description":"<p>Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and some loss of integrity (I:L), but no loss of availability (A:N). What does that mean for this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could view sensitive information, (Confidentiality), and make some changes to disclosed information (Integrity), but they would not be able to affect Availability.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>How could an attacker exploit the vulnerability?</strong></p>\n<p>In an email or instant message attack scenario, the attacker could send the targeted user a specially crafted file that is designed to exploit the vulnerability.</p>\n<p>In any case an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker's site or send a malicious attachment.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Where can I finder more information about this update</strong></p>\n<p>Starting with the April 2026 security update, the Remote Desktop Connection app shows new security warnings when you open RDP files. This article explains what these warnings mean and how to respond to them safely: <a href=\"https://go.microsoft.com/fwlink/?linkid=2347342\">https://go.microsoft.com/fwlink/?linkid=2347342</a></p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26151","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"62ad7352-c61c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000d601cecc","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26149","cveTitle":"Microsoft Power Apps Desktop Client Spoofing Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-27T07:00:00-07:00","description":"<p>Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to perform spoofing over a network.</p>\n","cweList":["CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences"],"cweDetailsListForSearch":["cwe: CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences","cweUrl: https://cwe.mitre.org/data/definitions/150.html"],"unformattedDescription":"Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-26149","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26149","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Power Apps","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"9.0","temporalScore":"7.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences","https://cwe.mitre.org/data/definitions/150.html"]}],"articles":[{"title":"Microsoft Power Apps Spoofing Vulnerability","articleType":"100000000","description":"<p>Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to perform spoofing over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are Low (PR:L). What does that mean for this vulnerability?</strong></p>\n<p>A user must interact with a malicious Power Apps canvas app, such as by opening or using it.\nAdditionally, an attacker only needs basic capabilities to create or share a Power App; they do not need administrative access.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>\n<p>This vulnerability could lead to the attacker gaining the ability to interact with other tenant\u2019s applications and content.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>How could an attacker exploit this vulnerability?</strong></p>\n<p>An attacker could create a malicious Power Apps canvas app that includes an external protocol link disguised with leading whitespace. When a user opens the app, the resulting warning dialog may appear incomplete or misleading. If the user proceeds, the app could trigger an external protocol call that performs unintended actions on the user\u2019s device.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26149","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"64f899e6-c81b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-26149","version":2.1,"revisionDate":"2026-04-27T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","notificationNeeded":false,"notificationSent":false,"sourceId":"45880328-7642-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-26149","version":2,"revisionDate":"2026-04-20T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","notificationNeeded":false,"notificationSent":false,"sourceId":"103bfeb6-f63c-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000860732c7","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-23670","cveTitle":"Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.</p>\n","cweList":["CWE-822: Untrusted Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-822: Untrusted Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/822.html"],"unformattedDescription":"Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.","mitreText":"CVE-2026-23670","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-23670","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Virtualization-Based Security (VBS) Enclave","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"5.7","temporalScore":"5.0","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-822: Untrusted Pointer Dereference","https://cwe.mitre.org/data/definitions/822.html"]}],"articles":[{"title":"Windows Virtualization-Based Security (VBS) Enclave Security Feature Bypass Vulnerability","articleType":"100000000","description":"<p>Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could bypass the Virtualization\u2011Based Security (VBS) feature, specifically the Virtual Secure Mode (VSM) isolation between Virtual Trust Level 0 (VTL0) and Virtual Trust Level 1 (VTL1). This could allow a compromised Windows kernel to modify memory belonging to the secure kernel, breaking the intended isolation guarantees provided by VBS.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-23670","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":true,"sourceId":"a1fb63c5-6107-f111-9399-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000028cba4e9","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-20945","cveTitle":"Microsoft SharePoint Server Spoofing Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.</p>\n","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-20945","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-20945","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"4.6","temporalScore":"4.0","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p>\n<p>This means an authenticated user can upload malicious content, but exploitation only occurs if they convince another user to visit or interact with that content.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p>\n<p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p>\n","ordinal":10000},{"title":"Microsoft Office SharePoint Spoofing Vulnerability","articleType":"100000000","description":"<p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.</p>\n","ordinal":10000},{"title":"Microsoft Office SharePoint Spoofing Vulnerability","articleType":"100000000","description":"<p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p>\n<p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-20945","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"86b299f1-6bd7-f011-9396-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00000e164d8a","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-25184","cveTitle":"Applocker Filter Driver (applockerfltr.sys) Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (applockerfltr.sys) allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (applockerfltr.sys) allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-25184","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-25184","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Applocker Filter Driver (applockerfltr.sys)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"title":"Applocker Filter Driver (applockerfltr.sys) Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (applockerfltr.sys) allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-25184","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"28256e4e-6707-f111-9399-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000b3a93bdf","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-23653","cveTitle":"GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.</p>\n","cweList":["CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"],"cweDetailsListForSearch":["cwe: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')","cweUrl: https://cwe.mitre.org/data/definitions/77.html"],"unformattedDescription":"Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.","mitreText":"CVE-2026-23653","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-23653","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"GitHub Copilot and Visual Studio Code","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.7","temporalScore":"5.0","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')","https://cwe.mitre.org/data/definitions/77.html"]}],"articles":[{"title":"GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could disclose the contents of the Model Context Protocol (MCP) when using Copilot.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-23653","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e275bab4-c902-f111-9399-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000036278aa5","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-25250","cveTitle":"MITRE: CVE-2026-25250 Secure Boot disable Eazy Fix","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Missing cryptographic step in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.</p>\n","cweList":["CWE-325: Missing Cryptographic Step"],"cweDetailsListForSearch":["cwe: CWE-325: Missing Cryptographic Step","cweUrl: https://cwe.mitre.org/data/definitions/325.html"],"unformattedDescription":"Missing cryptographic step in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","mitreText":"CVE-2026-25250","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-25250","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Secure Boot","issuingCna":"MITRE","issuingCnaId":100000002,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"6.0","temporalScore":"5.2","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-325: Missing Cryptographic Step","https://cwe.mitre.org/data/definitions/325.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p>\n","ordinal":10000},{"title":"Windows Secure Boot Security Feature Bypass Vulnerability","articleType":"100000000","description":"<p>Missing cryptographic step in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Why is this vulnerability being published under a MITRE CVE rather than a Microsoft\u2011assigned CVE?</strong></p>\n<p>The vulnerability exists in third\u2011party firmware rather than Microsoft\u2011developed code. Although Windows is affected, the CVE is issued by MITRE in accordance with standard disclosure practices while Microsoft provides mitigations to help protect customers.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-25250","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"acfb85aa-6e00-f111-93f7-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000fc289bd1","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-20930","cveTitle":"Windows Management Services Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-20930","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-20930","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Management Services","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained (&quot;sandboxed&quot;) execution environment to a Medium Integrity Level. Please refer to <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation\">AppContainer isolation</a> and <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control\">Mandatory Integrity Control</a> for more information.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>\n<p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation\">AppContainer Isolation</a> for more information.</p>\n","ordinal":10000},{"title":"Windows Management Services Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-20930","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"70183273-e4d5-f011-93f4-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000011946ce8","releaseDate":"2026-04-14T01:02:44-07:00","cveNumber":"CVE-2026-31418","cveTitle":"netfilter: ipset: drop logically empty buckets in mtype_del","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:57:33-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31418","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31418","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31418","version":1,"revisionDate":"2026-04-14T01:02:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1b8a30a4-9d37-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31418","version":2,"revisionDate":"2026-04-14T01:44:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d5b35879-a337-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31418","version":4,"revisionDate":"2026-04-29T14:57:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"986eebc1-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31418","version":3,"revisionDate":"2026-04-18T14:40:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7fdd6f8e-343b-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000010946ce8","releaseDate":"2026-04-14T01:02:38-07:00","cveNumber":"CVE-2026-31428","cveTitle":"netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:57:19-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31428","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31428","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31428","version":1,"revisionDate":"2026-04-14T01:02:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c139889d-9d37-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31428","version":3,"revisionDate":"2026-04-29T14:57:19-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f0342fb5-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31428","version":2,"revisionDate":"2026-04-18T14:40:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8c665687-343b-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d363d875","releaseDate":"2026-04-14T01:02:33-07:00","cveNumber":"CVE-2026-31421","cveTitle":"net/sched: cls_fw: fix NULL pointer dereference on shared blocks","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:57:03-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31421","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31421","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31421","version":1,"revisionDate":"2026-04-14T01:02:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b639889d-9d37-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31421","version":3,"revisionDate":"2026-04-29T14:57:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0f607dae-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31421","version":2,"revisionDate":"2026-04-18T14:40:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"81665687-343b-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000daaa1da3","releaseDate":"2026-04-14T01:02:16-07:00","cveNumber":"CVE-2026-31426","cveTitle":"ACPI: EC: clean up handlers on probe failure in acpi_ec_setup()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:56:24-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31426","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31426","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31426","version":1,"revisionDate":"2026-04-14T01:02:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"12205791-9d37-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31426","version":2,"revisionDate":"2026-04-18T14:40:18-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"15554e85-343b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31426","version":3,"revisionDate":"2026-04-29T14:56:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"16083094-db43-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000751fc545","releaseDate":"2026-04-14T01:02:11-07:00","cveNumber":"CVE-2026-31427","cveTitle":"netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:56:09-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31427","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31427","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31427","version":1,"revisionDate":"2026-04-14T01:02:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"05205791-9d37-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31427","version":3,"revisionDate":"2026-04-29T14:56:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4d0e0e8e-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31427","version":2,"revisionDate":"2026-04-18T14:40:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"89065f81-343b-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a5c1ce5d","releaseDate":"2026-04-14T01:02:05-07:00","cveNumber":"CVE-2026-31414","cveTitle":"netfilter: nf_conntrack_expect: use expect->helper","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:55:55-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31414","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31414","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31414","version":1,"revisionDate":"2026-04-14T01:02:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e591c789-9d37-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31414","version":2,"revisionDate":"2026-04-18T14:40:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d840157b-343b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31414","version":3,"revisionDate":"2026-04-29T14:55:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"945c0786-db43-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00006ed87f18","releaseDate":"2026-04-14T01:01:59-07:00","cveNumber":"CVE-2026-31422","cveTitle":"net/sched: cls_flow: fix NULL pointer dereference on shared blocks","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:55:40-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31422","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31422","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31422","version":3,"revisionDate":"2026-04-29T14:55:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6844f47f-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31422","version":1,"revisionDate":"2026-04-14T01:01:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a65a5f87-9d37-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31422","version":2,"revisionDate":"2026-04-18T14:39:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b2146374-343b-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000761fc545","releaseDate":"2026-04-14T01:01:54-07:00","cveNumber":"CVE-2026-31417","cveTitle":"net/x25: Fix overflow when accumulating packets","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:55:26-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31417","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31417","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31417","version":2,"revisionDate":"2026-04-18T14:39:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"29e4fd74-343b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31417","version":3,"revisionDate":"2026-04-29T14:55:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fbf87a73-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31417","version":1,"revisionDate":"2026-04-14T01:01:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9a5a5f87-9d37-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a4c1ce5d","releaseDate":"2026-04-14T01:01:49-07:00","cveNumber":"CVE-2026-31424","cveTitle":"netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:55:12-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31424","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31424","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31424","version":2,"revisionDate":"2026-04-18T14:39:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6e89236e-343b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31424","version":3,"revisionDate":"2026-04-29T14:55:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c9c3fc6c-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31424","version":1,"revisionDate":"2026-04-14T01:01:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0f300c80-9d37-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000094d27bb","releaseDate":"2026-04-14T01:01:43-07:00","cveNumber":"CVE-2026-31423","cveTitle":"net/sched: sch_hfsc: fix divide-by-zero in rtsc_min()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:54:57-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31423","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31423","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31423","version":1,"revisionDate":"2026-04-14T01:01:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d7ac547b-9d37-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31423","version":3,"revisionDate":"2026-04-29T14:54:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c15dac60-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31423","version":2,"revisionDate":"2026-04-18T14:39:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4ab5a16d-343b-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000dbaa1da3","releaseDate":"2026-04-14T01:01:38-07:00","cveNumber":"CVE-2026-31416","cveTitle":"netfilter: nfnetlink_log: account for netlink header size","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:54:44-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31416","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31416","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31416","version":1,"revisionDate":"2026-04-14T01:01:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d2ac547b-9d37-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31416","version":2,"revisionDate":"2026-04-18T14:39:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"01b7a167-343b-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31416","version":3,"revisionDate":"2026-04-29T14:54:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1b0a7c5d-db43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000043280739","releaseDate":"2026-04-14T01:01:32-07:00","cveNumber":"CVE-2026-40393","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-18T01:01:43-07:00","cweList":["CWE-787: Out-of-bounds Write"],"cweDetailsListForSearch":["cwe: CWE-787: Out-of-bounds Write","cweUrl: https://cwe.mitre.org/data/definitions/787.html"],"mitreText":"CVE-2026-40393","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40393","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"mitre","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"8.1","temporalScore":"8.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"mitre","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-787: Out-of-bounds Write","https://cwe.mitre.org/data/definitions/787.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-40393","version":3,"revisionDate":"2026-04-18T01:01:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2751f628-c23a-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-40393","version":1,"revisionDate":"2026-04-14T01:01:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fe5eaf78-9d37-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-40393","version":2,"revisionDate":"2026-04-17T14:39:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ebd2f93b-6b3a-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00007811567e","releaseDate":"2026-04-14T01:01:26-07:00","cveNumber":"CVE-2026-40385","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:54:30-07:00","cweList":["CWE-190: Integer Overflow or Wraparound"],"cweDetailsListForSearch":["cwe: CWE-190: Integer Overflow or Wraparound","cweUrl: https://cwe.mitre.org/data/definitions/190.html"],"mitreText":"CVE-2026-40385","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40385","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"mitre","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.0","temporalScore":"4.0","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L","vectorStringSource":"mitre","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-190: Integer Overflow or Wraparound","https://cwe.mitre.org/data/definitions/190.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-40385","version":1,"revisionDate":"2026-04-14T01:01:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"86bf4274-9d37-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-40385","version":2,"revisionDate":"2026-04-14T14:48:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"01ec38f1-1038-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-40385","version":3,"revisionDate":"2026-04-15T01:01:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0b14b4a9-6638-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-40385","version":5,"revisionDate":"2026-04-29T14:54:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6d1d2754-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-40385","version":4,"revisionDate":"2026-04-15T14:45:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"02c619c0-d938-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00001386fd20","releaseDate":"2026-04-14T01:01:20-07:00","cveNumber":"CVE-2026-40386","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:54:15-07:00","cweList":["CWE-191: Integer Underflow (Wrap or Wraparound)"],"cweDetailsListForSearch":["cwe: CWE-191: Integer Underflow (Wrap or Wraparound)","cweUrl: https://cwe.mitre.org/data/definitions/191.html"],"mitreText":"CVE-2026-40386","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40386","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"mitre","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.0","temporalScore":"4.0","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L","vectorStringSource":"mitre","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-191: Integer Underflow (Wrap or Wraparound)","https://cwe.mitre.org/data/definitions/191.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-40386","version":1,"revisionDate":"2026-04-14T01:01:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"228d0b6e-9d37-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-40386","version":4,"revisionDate":"2026-04-15T14:45:23-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3bb08db9-d938-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-40386","version":5,"revisionDate":"2026-04-29T14:54:15-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"61e60648-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-40386","version":2,"revisionDate":"2026-04-14T14:48:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dfe80fea-1038-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-40386","version":3,"revisionDate":"2026-04-15T01:01:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5b44d7a4-6638-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a654bdb2","releaseDate":"2026-04-12T01:01:49-07:00","cveNumber":"CVE-2026-34757","cveTitle":"LIBPNG has a yse-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-15T01:49:16-07:00","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"mitreText":"CVE-2026-34757","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34757","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"5.1","temporalScore":"5.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34757","version":1,"revisionDate":"2026-04-12T01:01:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1099aa2c-0b36-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34757","version":2,"revisionDate":"2026-04-13T14:40:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"805d18b9-4637-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34757","version":3,"revisionDate":"2026-04-15T01:49:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9751934b-6d38-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000f662c8d0","releaseDate":"2026-04-12T01:01:40-07:00","cveNumber":"CVE-2026-35206","cveTitle":"Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:53:12-07:00","cweList":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"cweDetailsListForSearch":["cwe: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","cweUrl: https://cwe.mitre.org/data/definitions/22.html"],"mitreText":"CVE-2026-35206","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35206","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","https://cwe.mitre.org/data/definitions/22.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-35206","version":1,"revisionDate":"2026-04-12T01:01:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3d170a26-0b36-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-35206","version":2,"revisionDate":"2026-04-13T14:40:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"745d18b9-4637-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-35206","version":3,"revisionDate":"2026-04-30T01:53:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"33d10853-3744-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000035428e10","releaseDate":"2026-04-11T01:10:27-07:00","cveNumber":"CVE-2026-4878","cveTitle":"Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T14:47:44-07:00","cweList":["CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition"],"cweDetailsListForSearch":["cwe: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition","cweUrl: https://cwe.mitre.org/data/definitions/367.html"],"mitreText":"CVE-2026-4878","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-4878","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.7","temporalScore":"6.7","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","vectorStringSource":"redhat","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition","https://cwe.mitre.org/data/definitions/367.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-4878","version":1,"revisionDate":"2026-04-11T01:10:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ca9ed835-4335-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-4878","version":2,"revisionDate":"2026-04-13T14:40:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3edc1ab2-4637-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-4878","version":3,"revisionDate":"2026-04-14T14:47:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b06d60e3-1038-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000bb4e396e","releaseDate":"2026-04-11T01:10:17-07:00","cveNumber":"CVE-2026-33810","cveTitle":"Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T14:47:37-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-33810","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33810","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Go","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-33810","version":1,"revisionDate":"2026-04-11T01:10:17-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"aab6a42f-4335-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-33810","version":2,"revisionDate":"2026-04-14T14:47:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3d0a3cdd-1038-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000c9c3f0b5","releaseDate":"2026-04-11T01:06:16-07:00","cveNumber":"CVE-2026-32288","cveTitle":"Unbounded allocation for old GNU sparse in archive/tar","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:52:26-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-32288","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32288","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Go","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-32288","version":3,"revisionDate":"2026-04-15T01:46:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c60eacda-6c38-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-32288","version":6,"revisionDate":"2026-04-29T14:52:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f7526900-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-32288","version":1,"revisionDate":"2026-04-11T01:06:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"419db7a2-4235-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-32288","version":2,"revisionDate":"2026-04-14T14:46:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"88c6d0b9-1038-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-32288","version":4,"revisionDate":"2026-04-21T01:40:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1737d212-233d-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-32288","version":5,"revisionDate":"2026-04-23T01:38:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6522e71c-b53e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-32288","version":7,"revisionDate":"2026-04-30T01:52:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f268183a-3744-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000343788b3","releaseDate":"2026-04-11T01:03:08-07:00","cveNumber":"CVE-2026-39882","cveTitle":"OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:50:43-07:00","cweList":["CWE-789: Memory Allocation with Excessive Size Value"],"cweDetailsListForSearch":["cwe: CWE-789: Memory Allocation with Excessive Size Value","cweUrl: https://cwe.mitre.org/data/definitions/789.html"],"mitreText":"CVE-2026-39882","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-39882","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"5.3","temporalScore":"5.3","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-789: Memory Allocation with Excessive Size Value","https://cwe.mitre.org/data/definitions/789.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-39882","version":1,"revisionDate":"2026-04-11T01:03:08-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9b5b4431-4235-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-39882","version":2,"revisionDate":"2026-04-20T14:38:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b874639a-c63c-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-39882","version":3,"revisionDate":"2026-04-23T01:37:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"15103208-b53e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-39882","version":4,"revisionDate":"2026-04-29T14:50:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e1dfd6ca-da43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00001cf81604","releaseDate":"2026-04-11T01:02:31-07:00","cveNumber":"CVE-2026-28390","cveTitle":"Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:52:51-07:00","cweList":["CWE-476: NULL Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-476: NULL Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/476.html"],"mitreText":"CVE-2026-28390","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-28390","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"openssl","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"CISA ADP","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-476: NULL Pointer Dereference","https://cwe.mitre.org/data/definitions/476.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-28390","version":4,"revisionDate":"2026-04-14T14:45:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"03da8ba7-1038-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-28390","version":5,"revisionDate":"2026-04-15T01:45:23-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cfcc47c5-6c38-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-28390","version":7,"revisionDate":"2026-04-29T01:39:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"70a4673f-6c43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-28390","version":1,"revisionDate":"2026-04-11T01:02:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d08e171d-4235-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-28390","version":2,"revisionDate":"2026-04-12T01:02:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"74529539-0b36-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-28390","version":3,"revisionDate":"2026-04-13T14:40:01-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7fe5d3a5-4637-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-28390","version":3.1,"revisionDate":"2026-04-14T01:44:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f0a23b6c-a337-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-28390","version":6,"revisionDate":"2026-04-23T14:40:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f47c5852-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-28390","version":8,"revisionDate":"2026-04-29T14:52:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"36403f14-db43-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-28390","version":9,"revisionDate":"2026-04-30T01:52:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3535d84c-3744-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00008e11fabb","releaseDate":"2026-04-11T01:02:05-07:00","cveNumber":"CVE-2026-28389","cveTitle":"Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:51:05-07:00","cweList":["CWE-476: NULL Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-476: NULL Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/476.html"],"mitreText":"CVE-2026-28389","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-28389","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"openssl","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"CISA ADP","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-476: NULL Pointer Dereference","https://cwe.mitre.org/data/definitions/476.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-28389","version":7,"revisionDate":"2026-04-29T14:49:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c620bdac-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-28389","version":1,"revisionDate":"2026-04-11T01:02:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"10e98f0a-4235-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-28389","version":2,"revisionDate":"2026-04-12T01:02:02-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fdc0a332-0b36-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-28389","version":3,"revisionDate":"2026-04-13T14:40:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3a2b1cac-4637-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-28389","version":4,"revisionDate":"2026-04-14T14:45:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5edd7094-1038-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-28389","version":4.1,"revisionDate":"2026-04-15T01:44:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"babed5b3-6c38-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-28389","version":5,"revisionDate":"2026-04-23T14:39:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"76cde045-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-28389","version":6,"revisionDate":"2026-04-29T01:38:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e620012c-6c43-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-28389","version":8,"revisionDate":"2026-04-30T01:51:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"98355a0b-3744-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000046730465","releaseDate":"2026-04-11T01:01:39-07:00","cveNumber":"CVE-2026-35611","cveTitle":"Addressable has a Regular Expression Denial of Service in Addressable templates","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-15T01:43:25-07:00","cweList":["CWE-1333: Inefficient Regular Expression Complexity"],"cweDetailsListForSearch":["cwe: CWE-1333: Inefficient Regular Expression Complexity","cweUrl: https://cwe.mitre.org/data/definitions/1333.html"],"mitreText":"CVE-2026-35611","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35611","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-1333: Inefficient Regular Expression Complexity","https://cwe.mitre.org/data/definitions/1333.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-35611","version":2,"revisionDate":"2026-04-15T01:43:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"27fb567c-6c38-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-35611","version":1,"revisionDate":"2026-04-11T01:01:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"570212fd-4135-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000da60d5c2","releaseDate":"2026-04-10T17:32:06-07:00","cveNumber":"CVE-2026-5919","cveTitle":"Chromium: CVE-2026-5919 Insufficient validation of untrusted input in WebSockets","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:32:06-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5919","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5919","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5919","version":1,"revisionDate":"2026-04-10T17:32:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"a8f0f730-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000db60d5c2","releaseDate":"2026-04-10T17:32:05-07:00","cveNumber":"CVE-2026-5918","cveTitle":"Chromium: CVE-2026-5918 Inappropriate implementation in Navigation","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:32:05-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5918","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5918","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5918","version":1,"revisionDate":"2026-04-10T17:32:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"e4e3f82a-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000ce60d5c2","releaseDate":"2026-04-10T17:32:04-07:00","cveNumber":"CVE-2026-5915","cveTitle":"Chromium: CVE-2026-5915 Insufficient validation of untrusted input in WebML","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:32:04-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5915","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5915","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5915","version":1,"revisionDate":"2026-04-10T17:32:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"cfe3f82a-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000cf60d5c2","releaseDate":"2026-04-10T17:32:03-07:00","cveNumber":"CVE-2026-5914","cveTitle":"Chromium: CVE-2026-5914 Type Confusion in CSS","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:32:03-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5914","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5914","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5914","version":1,"revisionDate":"2026-04-10T17:32:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"bde3f82a-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000d060d5c2","releaseDate":"2026-04-10T17:32:02-07:00","cveNumber":"CVE-2026-5913","cveTitle":"Chromium: CVE-2026-5913 Out of bounds read in Blink","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:32:02-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5913","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5913","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5913","version":1,"revisionDate":"2026-04-10T17:32:02-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"abe3f82a-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000d160d5c2","releaseDate":"2026-04-10T17:32:01-07:00","cveNumber":"CVE-2026-5912","cveTitle":"Chromium: CVE-2026-5912 Integer overflow in WebRTC","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:32:01-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5912","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5912","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5912","version":1,"revisionDate":"2026-04-10T17:32:01-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"99e3f82a-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000d260d5c2","releaseDate":"2026-04-10T17:32:00-07:00","cveNumber":"CVE-2026-5911","cveTitle":"Chromium: CVE-2026-5911 Policy bypass in ServiceWorkers","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:32:00-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5911","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5911","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5911","version":1,"revisionDate":"2026-04-10T17:32:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"86e3f82a-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000d360d5c2","releaseDate":"2026-04-10T17:31:59-07:00","cveNumber":"CVE-2026-5910","cveTitle":"Chromium: CVE-2026-5910 Integer overflow in Media","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:59-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5910","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5910","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5910","version":1,"revisionDate":"2026-04-10T17:31:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"74e3f82a-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00003fec2d20","releaseDate":"2026-04-10T17:31:58-07:00","cveNumber":"CVE-2026-5909","cveTitle":"Chromium: CVE-2026-5909 Integer overflow in Media","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:58-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5909","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5909","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5909","version":1,"revisionDate":"2026-04-10T17:31:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"60e3f82a-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000040ec2d20","releaseDate":"2026-04-10T17:31:57-07:00","cveNumber":"CVE-2026-5908","cveTitle":"Chromium: CVE-2026-5908 Integer overflow in Media","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:57-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5908","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5908","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5908","version":1,"revisionDate":"2026-04-10T17:31:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"4ee3f82a-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000031ec2d20","releaseDate":"2026-04-10T17:31:56-07:00","cveNumber":"CVE-2026-5907","cveTitle":"Chromium: CVE-2026-5907 Insufficient data validation in Media","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:56-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5907","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5907","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5907","version":1,"revisionDate":"2026-04-10T17:31:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"3ce3f82a-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000032ec2d20","releaseDate":"2026-04-10T17:31:55-07:00","cveNumber":"CVE-2026-5906","cveTitle":"Chromium: CVE-2026-5906 Incorrect security UI in Omnibox","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:55-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5906","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5906","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5906","version":1,"revisionDate":"2026-04-10T17:31:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"29e3f82a-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000033ec2d20","releaseDate":"2026-04-10T17:31:54-07:00","cveNumber":"CVE-2026-5905","cveTitle":"Chromium: CVE-2026-5905 Incorrect security UI in Permissions","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:54-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5905","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5905","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5905","version":1,"revisionDate":"2026-04-10T17:31:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"4f64ee24-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000034ec2d20","releaseDate":"2026-04-10T17:31:53-07:00","cveNumber":"CVE-2026-5904","cveTitle":"Chromium: CVE-2026-5904 Use after free in V8","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:53-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5904","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5904","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5904","version":1,"revisionDate":"2026-04-10T17:31:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"3d64ee24-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000035ec2d20","releaseDate":"2026-04-10T17:31:52-07:00","cveNumber":"CVE-2026-5903","cveTitle":"Chromium: CVE-2026-5903 Policy bypass in IFrameSandbox","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:52-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5903","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5903","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5903","version":1,"revisionDate":"2026-04-10T17:31:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"2b64ee24-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000036ec2d20","releaseDate":"2026-04-10T17:31:51-07:00","cveNumber":"CVE-2026-5902","cveTitle":"Chromium: CVE-2026-5902 Race in Media","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:51-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5902","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5902","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5902","version":1,"revisionDate":"2026-04-10T17:31:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"1964ee24-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000037ec2d20","releaseDate":"2026-04-10T17:31:50-07:00","cveNumber":"CVE-2026-5901","cveTitle":"Chromium: CVE-2026-5901 Policy bypass in DevTools","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:50-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5901","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5901","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5901","version":1,"revisionDate":"2026-04-10T17:31:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"0664ee24-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000038ec2d20","releaseDate":"2026-04-10T17:31:49-07:00","cveNumber":"CVE-2026-5900","cveTitle":"Chromium: CVE-2026-5900 Policy bypass in Downloads","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:49-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5900","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5900","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5900","version":1,"revisionDate":"2026-04-10T17:31:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"f463ee24-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000d30511d8","releaseDate":"2026-04-10T17:31:48-07:00","cveNumber":"CVE-2026-5899","cveTitle":"Chromium: CVE-2026-5899 Incorrect security UI in History Navigation","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:48-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5899","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5899","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5899","version":1,"revisionDate":"2026-04-10T17:31:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"e063ee24-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000d20511d8","releaseDate":"2026-04-10T17:31:47-07:00","cveNumber":"CVE-2026-5898","cveTitle":"Chromium: CVE-2026-5898 Incorrect security UI in Omnibox","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:47-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5898","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5898","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5898","version":1,"revisionDate":"2026-04-10T17:31:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"ce63ee24-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000c50511d8","releaseDate":"2026-04-10T17:31:46-07:00","cveNumber":"CVE-2026-5897","cveTitle":"Chromium: CVE-2026-5897 Incorrect security UI in Downloads","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:46-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5897","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5897","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5897","version":1,"revisionDate":"2026-04-10T17:31:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"bc63ee24-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000c40511d8","releaseDate":"2026-04-10T17:31:45-07:00","cveNumber":"CVE-2026-5896","cveTitle":"Chromium: CVE-2026-5896 Policy bypass in Audio","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:45-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5896","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5896","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5896","version":1,"revisionDate":"2026-04-10T17:31:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"a763ee24-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000c70511d8","releaseDate":"2026-04-10T17:31:44-07:00","cveNumber":"CVE-2026-5895","cveTitle":"Chromium: CVE-2026-5895 Incorrect security UI in Omnibox","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:44-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5895","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5895","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5895","version":1,"revisionDate":"2026-04-10T17:31:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"1600ea1e-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000c60511d8","releaseDate":"2026-04-10T17:31:43-07:00","cveNumber":"CVE-2026-5894","cveTitle":"Chromium: CVE-2026-5894 Inappropriate implementation in PDF","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:43-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5894","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5894","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5894","version":1,"revisionDate":"2026-04-10T17:31:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"fcffe91e-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000c90511d8","releaseDate":"2026-04-10T17:31:42-07:00","cveNumber":"CVE-2026-5893","cveTitle":"Chromium: CVE-2026-5893 Race in V8","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:42-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5893","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5893","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5893","version":1,"revisionDate":"2026-04-10T17:31:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"e5ffe91e-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000c80511d8","releaseDate":"2026-04-10T17:31:41-07:00","cveNumber":"CVE-2026-5892","cveTitle":"Chromium: CVE-2026-5892 Insufficient policy enforcement in PWAs","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:41-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5892","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5892","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5892","version":1,"revisionDate":"2026-04-10T17:31:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"ceffe91e-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000cb0511d8","releaseDate":"2026-04-10T17:31:40-07:00","cveNumber":"CVE-2026-5891","cveTitle":"Chromium: CVE-2026-5891 Insufficient policy enforcement in browser UI","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:40-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5891","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5891","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5891","version":1,"revisionDate":"2026-04-10T17:31:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"b6ffe91e-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000ca0511d8","releaseDate":"2026-04-10T17:31:39-07:00","cveNumber":"CVE-2026-5890","cveTitle":"Chromium: CVE-2026-5890 Race in WebCodecs","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:39-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5890","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5890","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5890","version":1,"revisionDate":"2026-04-10T17:31:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"a1ffe91e-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000038916935","releaseDate":"2026-04-10T17:31:38-07:00","cveNumber":"CVE-2026-5889","cveTitle":"Chromium: CVE-2026-5889 Cryptographic Flaw in PDFium","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:38-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5889","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5889","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5889","version":1,"revisionDate":"2026-04-10T17:31:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"8fffe91e-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000037916935","releaseDate":"2026-04-10T17:31:37-07:00","cveNumber":"CVE-2026-5888","cveTitle":"Chromium: CVE-2026-5888 Uninitialized Use in WebCodecs","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:37-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5888","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5888","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5888","version":1,"revisionDate":"2026-04-10T17:31:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"78ffe91e-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00002a916935","releaseDate":"2026-04-10T17:31:36-07:00","cveNumber":"CVE-2026-5887","cveTitle":"Chromium: CVE-2026-5887 Insufficient validation of untrusted input in Downloads","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:36-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5887","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5887","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5887","version":1,"revisionDate":"2026-04-10T17:31:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"60ffe91e-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000029916935","releaseDate":"2026-04-10T17:31:35-07:00","cveNumber":"CVE-2026-5886","cveTitle":"Chromium: CVE-2026-5886 Out of bounds read in WebAudio","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:35-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5886","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5886","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5886","version":1,"revisionDate":"2026-04-10T17:31:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"4bffe91e-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00002c916935","releaseDate":"2026-04-10T17:31:34-07:00","cveNumber":"CVE-2026-5885","cveTitle":"Chromium: CVE-2026-5885 Insufficient validation of untrusted input in WebML","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:34-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5885","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5885","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5885","version":1,"revisionDate":"2026-04-10T17:31:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"e749f018-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00002b916935","releaseDate":"2026-04-10T17:31:33-07:00","cveNumber":"CVE-2026-5884","cveTitle":"Chromium: CVE-2026-5884 Insufficient validation of untrusted input in Media","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:33-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5884","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5884","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5884","version":1,"revisionDate":"2026-04-10T17:31:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"d549f018-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00002e916935","releaseDate":"2026-04-10T17:31:32-07:00","cveNumber":"CVE-2026-5883","cveTitle":"Chromium: CVE-2026-5883 Use after free in Media","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:32-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5883","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5883","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5883","version":1,"revisionDate":"2026-04-10T17:31:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"c349f018-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00002d916935","releaseDate":"2026-04-10T17:31:31-07:00","cveNumber":"CVE-2026-5882","cveTitle":"Chromium: CVE-2026-5882 Incorrect security UI in Fullscreen","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:31-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5882","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5882","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5882","version":1,"revisionDate":"2026-04-10T17:31:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"b149f018-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000030916935","releaseDate":"2026-04-10T17:31:30-07:00","cveNumber":"CVE-2026-5881","cveTitle":"Chromium: CVE-2026-5881 Policy bypass in LocalNetworkAccess","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:30-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5881","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5881","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5881","version":1,"revisionDate":"2026-04-10T17:31:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"9e49f018-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00002f916935","releaseDate":"2026-04-10T17:31:29-07:00","cveNumber":"CVE-2026-5880","cveTitle":"Chromium: CVE-2026-5880 Incorrect security UI in browser UI","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:29-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5880","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5880","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5880","version":1,"revisionDate":"2026-04-10T17:31:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"8949f018-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000314a2408","releaseDate":"2026-04-10T17:31:28-07:00","cveNumber":"CVE-2026-5879","cveTitle":"Chromium: CVE-2026-5879 Insufficient validation of untrusted input in ANGLE","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:28-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5879","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5879","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5879","version":1,"revisionDate":"2026-04-10T17:31:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7749f018-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000304a2408","releaseDate":"2026-04-10T17:31:27-07:00","cveNumber":"CVE-2026-5878","cveTitle":"Chromium: CVE-2026-5878 Incorrect security UI in Blink","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:27-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5878","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5878","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5878","version":1,"revisionDate":"2026-04-10T17:31:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"6549f018-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000234a2408","releaseDate":"2026-04-10T17:31:26-07:00","cveNumber":"CVE-2026-5877","cveTitle":"Chromium: CVE-2026-5877 Use after free in Navigation","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:26-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5877","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5877","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5877","version":1,"revisionDate":"2026-04-10T17:31:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"5349f018-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000224a2408","releaseDate":"2026-04-10T17:31:25-07:00","cveNumber":"CVE-2026-5876","cveTitle":"Chromium: CVE-2026-5876 Side-channel information leakage in Navigation","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:25-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5876","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5876","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5876","version":1,"revisionDate":"2026-04-10T17:31:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"4049f018-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000254a2408","releaseDate":"2026-04-10T17:31:24-07:00","cveNumber":"CVE-2026-5875","cveTitle":"Chromium: CVE-2026-5875 Policy bypass in Blink","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:24-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5875","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5875","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5875","version":1,"revisionDate":"2026-04-10T17:31:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"bb17cb12-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000244a2408","releaseDate":"2026-04-10T17:31:23-07:00","cveNumber":"CVE-2026-5874","cveTitle":"Chromium: CVE-2026-5874 Use after free in PrivateAI","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:23-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5874","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5874","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5874","version":1,"revisionDate":"2026-04-10T17:31:23-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"a717cb12-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000274a2408","releaseDate":"2026-04-10T17:31:22-07:00","cveNumber":"CVE-2026-5873","cveTitle":"Chromium: CVE-2026-5873 Out of bounds read and write in V8","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:22-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5873","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5873","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5873","version":1,"revisionDate":"2026-04-10T17:31:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"9217cb12-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000264a2408","releaseDate":"2026-04-10T17:31:21-07:00","cveNumber":"CVE-2026-5872","cveTitle":"Chromium: CVE-2026-5872 Use after free in Blink","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:21-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5872","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5872","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5872","version":1,"revisionDate":"2026-04-10T17:31:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7d17cb12-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000294a2408","releaseDate":"2026-04-10T17:31:20-07:00","cveNumber":"CVE-2026-5871","cveTitle":"Chromium: CVE-2026-5871 Type Confusion in V8","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:20-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5871","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5871","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5871","version":1,"revisionDate":"2026-04-10T17:31:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"6817cb12-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000284a2408","releaseDate":"2026-04-10T17:31:18-07:00","cveNumber":"CVE-2026-5870","cveTitle":"Chromium: CVE-2026-5870 Integer overflow in Skia","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:18-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5870","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5870","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5870","version":1,"revisionDate":"2026-04-10T17:31:18-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"5217cb12-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000096d57c65","releaseDate":"2026-04-10T17:31:18-07:00","cveNumber":"CVE-2026-5869","cveTitle":"Chromium: CVE-2026-5869 Heap buffer overflow in WebML","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:18-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5869","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5869","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5869","version":1,"revisionDate":"2026-04-10T17:31:18-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"4017cb12-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000095d57c65","releaseDate":"2026-04-10T17:31:17-07:00","cveNumber":"CVE-2026-5868","cveTitle":"Chromium: CVE-2026-5868 Heap buffer overflow in ANGLE","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:17-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5868","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5868","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5868","version":1,"revisionDate":"2026-04-10T17:31:17-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"2e17cb12-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000088d57c65","releaseDate":"2026-04-10T17:31:16-07:00","cveNumber":"CVE-2026-5867","cveTitle":"Chromium: CVE-2026-5867 Heap buffer overflow in WebML","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:16-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5867","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5867","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5867","version":1,"revisionDate":"2026-04-10T17:31:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"1c17cb12-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000087d57c65","releaseDate":"2026-04-10T17:31:15-07:00","cveNumber":"CVE-2026-5866","cveTitle":"Chromium: CVE-2026-5866 Use after free in Media","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:15-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5866","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5866","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5866","version":1,"revisionDate":"2026-04-10T17:31:15-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"3947cb0c-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00008ad57c65","releaseDate":"2026-04-10T17:31:14-07:00","cveNumber":"CVE-2026-5865","cveTitle":"Chromium: CVE-2026-5865 Type Confusion in V8","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:14-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5865","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5865","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5865","version":1,"revisionDate":"2026-04-10T17:31:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"2347cb0c-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000089d57c65","releaseDate":"2026-04-10T17:31:13-07:00","cveNumber":"CVE-2026-5864","cveTitle":"Chromium: CVE-2026-5864 Heap buffer overflow in WebAudio","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:13-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5864","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5864","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5864","version":1,"revisionDate":"2026-04-10T17:31:13-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"1147cb0c-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00008cd57c65","releaseDate":"2026-04-10T17:31:12-07:00","cveNumber":"CVE-2026-5863","cveTitle":"Chromium: CVE-2026-5863 Inappropriate implementation in V8","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:12-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5863","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5863","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5863","version":1,"revisionDate":"2026-04-10T17:31:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"ff46cb0c-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00008bd57c65","releaseDate":"2026-04-10T17:31:11-07:00","cveNumber":"CVE-2026-5862","cveTitle":"Chromium: CVE-2026-5862 Inappropriate implementation in V8","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:11-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5862","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5862","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5862","version":1,"revisionDate":"2026-04-10T17:31:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"ed46cb0c-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00008ed57c65","releaseDate":"2026-04-10T17:31:10-07:00","cveNumber":"CVE-2026-5861","cveTitle":"Chromium: CVE-2026-5861 Use after free in V8","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:10-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5861","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5861","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5861","version":1,"revisionDate":"2026-04-10T17:31:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"da46cb0c-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00008dd57c65","releaseDate":"2026-04-10T17:31:09-07:00","cveNumber":"CVE-2026-5860","cveTitle":"Chromium: CVE-2026-5860 Use after free in WebRTC","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:09-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5860","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5860","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5860","version":1,"revisionDate":"2026-04-10T17:31:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"c646cb0c-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00006733734d","releaseDate":"2026-04-10T17:31:08-07:00","cveNumber":"CVE-2026-5859","cveTitle":"Chromium: CVE-2026-5859 Integer overflow in WebML","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:08-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5859","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5859","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5859","version":1,"revisionDate":"2026-04-10T17:31:08-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"b446cb0c-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00006633734d","releaseDate":"2026-04-10T17:31:05-07:00","cveNumber":"CVE-2026-5858","cveTitle":"Chromium: CVE-2026-5858 Heap buffer overflow in WebML","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T17:31:05-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5858","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5858","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5858","version":1,"revisionDate":"2026-04-10T17:31:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"a246cb0c-0335-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000f6947d14","releaseDate":"2026-04-10T07:00:00-07:00","cveNumber":"CVE-2026-33118","cveTitle":"Microsoft Edge (Chromium-based) Spoofing Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T07:00:00-07:00","cweList":["CWE-451: User Interface (UI) Misrepresentation of Critical Information"],"cweDetailsListForSearch":["cwe: CWE-451: User Interface (UI) Misrepresentation of Critical Information","cweUrl: https://cwe.mitre.org/data/definitions/451.html"],"mitreText":"CVE-2026-33118","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33118","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000003,"severity":"Low","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"4.3","temporalScore":"3.8","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-451: User Interface (UI) Misrepresentation of Critical Information","https://cwe.mitre.org/data/definitions/451.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p>\n<p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>\n<p>An attacker would have to send the victim a malicious file that the victim would have to execute.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33118","version":1,"revisionDate":"2026-04-10T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"f6322041-0a2e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00005b20d671","releaseDate":"2026-04-10T07:00:00-07:00","cveNumber":"CVE-2026-33119","cveTitle":"Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T07:00:00-07:00","description":"<p>User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.</p>\n","cweList":["CWE-451: User Interface (UI) Misrepresentation of Critical Information"],"cweDetailsListForSearch":["cwe: CWE-451: User Interface (UI) Misrepresentation of Critical Information","cweUrl: https://cwe.mitre.org/data/definitions/451.html"],"unformattedDescription":"User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-33119","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33119","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000002,"severity":"Moderate","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"5.4","temporalScore":"4.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-451: User Interface (UI) Misrepresentation of Critical Information","https://cwe.mitre.org/data/definitions/451.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p>\n<p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>\n<p>Exploitation of the vulnerability requires that a user open a specially crafted file. * In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. * In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>\n","ordinal":10000},{"title":"Microsoft Edge (Chromium-based) Spoofing Vulnerability","articleType":"100000000","description":"<p>User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.60</td>\n<td>04/10/2026</td>\n<td>147.0.7727.55/.56</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33119","version":1,"revisionDate":"2026-04-10T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"03ad607a-0c2e-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000f7825e35","releaseDate":"2026-04-10T01:02:58-07:00","cveNumber":"CVE-2026-23411","cveTitle":"apparmor: fix race between freeing data and fs accessing it","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-27T14:42:34-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-23411","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-23411","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.8","temporalScore":"7.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"Linux","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-23411","version":2,"revisionDate":"2026-04-26T01:03:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e2a96aca-0b41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23411","version":3,"revisionDate":"2026-04-27T14:42:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e6b31250-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23411","version":1,"revisionDate":"2026-04-10T01:02:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b75ba9fe-7834-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000092f705d8","releaseDate":"2026-04-10T01:02:51-07:00","cveNumber":"CVE-2026-23410","cveTitle":"apparmor: fix race on rawdata dereference","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-27T14:42:29-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-23410","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-23410","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.8","temporalScore":"7.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"Linux","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-23410","version":1,"revisionDate":"2026-04-10T01:02:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3f3ca2fe-7834-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23410","version":3,"revisionDate":"2026-04-27T14:42:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cfb31250-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23410","version":2,"revisionDate":"2026-04-26T01:03:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b8f5f3c6-0b41-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d0279a4a","releaseDate":"2026-04-10T01:02:45-07:00","cveNumber":"CVE-2026-23409","cveTitle":"apparmor: fix differential encoding verification","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-27T14:42:23-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-23409","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-23409","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-23409","version":1,"revisionDate":"2026-04-10T01:02:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c6e86ef7-7834-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23409","version":2,"revisionDate":"2026-04-26T01:03:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2abe8ec3-0b41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23409","version":3,"revisionDate":"2026-04-27T14:42:23-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"be334e49-4742-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00006b9c41ed","releaseDate":"2026-04-10T01:02:39-07:00","cveNumber":"CVE-2026-23408","cveTitle":"apparmor: Fix double free of ns_name in aa_replace_profiles()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-27T14:42:17-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-23408","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-23408","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.8","temporalScore":"7.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"Linux","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-23408","version":2,"revisionDate":"2026-04-26T01:03:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"07cfe7bc-0b41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23408","version":3,"revisionDate":"2026-04-27T14:42:17-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b0334e49-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23408","version":1,"revisionDate":"2026-04-10T01:02:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7d1757f7-7834-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00009a3e4b05","releaseDate":"2026-04-10T01:02:33-07:00","cveNumber":"CVE-2026-23407","cveTitle":"apparmor: fix missing bounds check on DEFAULT table in verify_dfa()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-27T14:42:05-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-23407","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-23407","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.8","temporalScore":"7.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"Linux","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-23407","version":2,"revisionDate":"2026-04-26T01:03:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0af50eb6-0b41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23407","version":3,"revisionDate":"2026-04-27T14:42:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e6503642-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23407","version":1,"revisionDate":"2026-04-10T01:02:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e9b34df1-7834-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000035b3f2a7","releaseDate":"2026-04-10T01:02:27-07:00","cveNumber":"CVE-2026-23406","cveTitle":"apparmor: fix side-effect bug in match_char() macro usage","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T01:38:51-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-23406","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-23406","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.8","temporalScore":"7.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"Linux","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-23406","version":2,"revisionDate":"2026-04-26T01:03:17-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"01f50eb6-0b41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23406","version":1,"revisionDate":"2026-04-10T01:02:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d7b34df1-7834-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-23406","version":3,"revisionDate":"2026-04-29T01:38:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e820012c-6c43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00006455fcbf","releaseDate":"2026-04-10T01:02:21-07:00","cveNumber":"CVE-2026-23405","cveTitle":"apparmor: fix: limit the number of levels of policy namespaces","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-27T14:42:00-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-23405","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-23405","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-23405","version":1,"revisionDate":"2026-04-10T01:02:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"96d216e9-7834-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23405","version":3,"revisionDate":"2026-04-27T14:42:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0bfe583b-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23405","version":2,"revisionDate":"2026-04-26T01:03:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"288a3dae-0b41-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000ffc9a362","releaseDate":"2026-04-10T01:02:14-07:00","cveNumber":"CVE-2026-23404","cveTitle":"apparmor: replace recursive profile removal with iterative approach","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-27T14:41:54-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-23404","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-23404","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-23404","version":1,"revisionDate":"2026-04-10T01:02:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8fd216e9-7834-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23404","version":3,"revisionDate":"2026-04-27T14:41:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"02fe583b-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23404","version":2,"revisionDate":"2026-04-26T01:03:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1d8a3dae-0b41-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00002e6cad7a","releaseDate":"2026-04-10T01:02:07-07:00","cveNumber":"CVE-2026-23403","cveTitle":"apparmor: fix memory leak in verify_header","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-27T14:41:48-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-23403","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-23403","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-23403","version":1,"revisionDate":"2026-04-10T01:02:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dc6afde0-7834-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23403","version":3,"revisionDate":"2026-04-27T14:41:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fef8a134-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23403","version":2,"revisionDate":"2026-04-26T01:03:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0d03caa7-0b41-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000099c2e010","releaseDate":"2026-04-10T01:01:59-07:00","cveNumber":"CVE-2026-39881","cveTitle":"Vim Ex command injection in Vims NetBeans integration","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-11T01:40:57-07:00","cweList":["CWE-94: Improper Control of Generation of Code ('Code Injection')"],"cweDetailsListForSearch":["cwe: CWE-94: Improper Control of Generation of Code ('Code Injection')","cweUrl: https://cwe.mitre.org/data/definitions/94.html"],"mitreText":"CVE-2026-39881","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-39881","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"5.0","temporalScore":"5.0","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:N","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-94: Improper Control of Generation of Code ('Code Injection')","https://cwe.mitre.org/data/definitions/94.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-39881","version":1,"revisionDate":"2026-04-10T01:01:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d56afde0-7834-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-39881","version":2,"revisionDate":"2026-04-11T01:10:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f2e3d248-4335-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-39881","version":3,"revisionDate":"2026-04-11T01:40:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"acc31d79-4735-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000094db4d6c","releaseDate":"2026-04-10T01:01:54-07:00","cveNumber":"CVE-2026-40024","cveTitle":"Sleuth Kit tsk_recover Path Traversal","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-11T01:40:50-07:00","cweList":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"cweDetailsListForSearch":["cwe: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","cweUrl: https://cwe.mitre.org/data/definitions/22.html"],"mitreText":"CVE-2026-40024","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40024","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"VulnCheck","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.1","temporalScore":"7.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","vectorStringSource":"VulnCheck","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","https://cwe.mitre.org/data/definitions/22.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-40024","version":1,"revisionDate":"2026-04-10T01:01:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7262a8dd-7834-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-40024","version":2,"revisionDate":"2026-04-11T01:10:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fafac442-4335-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-40024","version":3,"revisionDate":"2026-04-11T01:40:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9dc31d79-4735-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000f966a6c9","releaseDate":"2026-04-10T01:01:48-07:00","cveNumber":"CVE-2026-40025","cveTitle":"Sleuth Kit APFS Keybag Parser Out-of-Bounds Read","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-11T01:40:44-07:00","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"mitreText":"CVE-2026-40025","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40025","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"VulnCheck","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.4","temporalScore":"4.4","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L","vectorStringSource":"VulnCheck","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-40025","version":1,"revisionDate":"2026-04-10T01:01:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6f7c5eda-7834-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-40025","version":2,"revisionDate":"2026-04-11T01:10:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c07f703c-4335-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-40025","version":3,"revisionDate":"2026-04-11T01:40:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1132f772-4735-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00005ef2fe26","releaseDate":"2026-04-10T01:01:43-07:00","cveNumber":"CVE-2026-40026","cveTitle":"Sleuth Kit ISO9660 SUSP Extension Reference Out-of-Bounds Read","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-11T01:40:37-07:00","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"mitreText":"CVE-2026-40026","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40026","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"VulnCheck","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.4","temporalScore":"4.4","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L","vectorStringSource":"VulnCheck","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-40026","version":1,"revisionDate":"2026-04-10T01:01:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f38dafd3-7834-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-40026","version":3,"revisionDate":"2026-04-11T01:40:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"48e4986b-4735-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-40026","version":2,"revisionDate":"2026-04-11T01:10:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f3fac442-4335-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000e0357600","releaseDate":"2026-04-09T01:02:56-07:00","cveNumber":"CVE-2026-34445","cveTitle":"ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T14:38:06-07:00","cweList":["CWE-20: Improper Input Validation"],"cweDetailsListForSearch":["cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html"],"mitreText":"CVE-2026-34445","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34445","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"8.6","temporalScore":"8.6","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34445","version":1,"revisionDate":"2026-04-09T01:02:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f940d7d5-af33-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34445","version":2,"revisionDate":"2026-04-17T14:38:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2dfc2c07-6b3a-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00007baa1da3","releaseDate":"2026-04-09T01:02:48-07:00","cveNumber":"CVE-2026-34446","cveTitle":"ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T14:37:57-07:00","cweList":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"cweDetailsListForSearch":["cwe: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","cweUrl: https://cwe.mitre.org/data/definitions/22.html"],"mitreText":"CVE-2026-34446","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34446","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.7","temporalScore":"4.7","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","https://cwe.mitre.org/data/definitions/22.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34446","version":1,"revisionDate":"2026-04-09T01:02:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"759392ce-af33-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34446","version":2,"revisionDate":"2026-04-17T14:37:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"17fc2c07-6b3a-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000f39c5219","releaseDate":"2026-04-09T01:02:20-07:00","cveNumber":"CVE-2026-28388","cveTitle":"NULL Pointer Dereference When Processing a Delta CRL","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:50:39-07:00","cweList":["CWE-476: NULL Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-476: NULL Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/476.html"],"mitreText":"CVE-2026-28388","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-28388","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"openssl","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-476: NULL Pointer Dereference","https://cwe.mitre.org/data/definitions/476.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-28388","version":1,"revisionDate":"2026-04-09T01:02:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"765cbfc1-af33-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-28388","version":2,"revisionDate":"2026-04-10T14:39:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7f546b20-eb34-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-28388","version":5,"revisionDate":"2026-04-15T01:44:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"44d884a4-6c38-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-28388","version":7,"revisionDate":"2026-04-29T14:48:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"86ee748d-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-28388","version":3,"revisionDate":"2026-04-11T01:04:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a2f49970-4235-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-28388","version":4,"revisionDate":"2026-04-14T14:45:17-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"91dd688d-1038-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-28388","version":6,"revisionDate":"2026-04-23T14:39:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"856f4439-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-28388","version":8,"revisionDate":"2026-04-30T01:50:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7fdb58f8-3644-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000062e01510","releaseDate":"2026-04-09T01:02:14-07:00","cveNumber":"CVE-2026-31790","cveTitle":"Incorrect Failure Handling in RSA KEM RSASVE Encapsulation","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-10T14:39:43-07:00","cweList":["CWE-754: Improper Check for Unusual or Exceptional Conditions"],"cweDetailsListForSearch":["cwe: CWE-754: Improper Check for Unusual or Exceptional Conditions","cweUrl: https://cwe.mitre.org/data/definitions/754.html"],"mitreText":"CVE-2026-31790","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31790","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"openssl","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","vectorStringSource":"CISA ADP","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-754: Improper Check for Unusual or Exceptional Conditions","https://cwe.mitre.org/data/definitions/754.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31790","version":1,"revisionDate":"2026-04-09T01:02:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"efba01bb-af33-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31790","version":2,"revisionDate":"2026-04-10T14:39:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"78aced18-eb34-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000014b1d1d6","releaseDate":"2026-04-09T01:02:09-07:00","cveNumber":"CVE-2026-28387","cveTitle":"Potential Use-after-free in DANE Client Code","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:49:59-07:00","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"mitreText":"CVE-2026-28387","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-28387","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"openssl","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-28387","version":1,"revisionDate":"2026-04-09T01:02:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ddba01bb-af33-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-28387","version":4,"revisionDate":"2026-04-15T01:44:18-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9428359e-6c38-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-28387","version":5,"revisionDate":"2026-04-22T14:38:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9e1756dd-583e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-28387","version":7,"revisionDate":"2026-04-29T14:47:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5abe4e67-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-28387","version":2,"revisionDate":"2026-04-11T01:04:19-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ff0de45d-4235-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-28387","version":3,"revisionDate":"2026-04-14T14:46:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4a1cd2ab-1038-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-28387","version":6,"revisionDate":"2026-04-23T14:40:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f315df58-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-28387","version":8,"revisionDate":"2026-04-30T01:49:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b1b1afe4-3644-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a010aa82","releaseDate":"2026-04-09T01:02:03-07:00","cveNumber":"CVE-2026-31789","cveTitle":"Heap Buffer Overflow in Hexadecimal Conversion","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:53:04-07:00","cweList":["CWE-787: Out-of-bounds Write"],"cweDetailsListForSearch":["cwe: CWE-787: Out-of-bounds Write","cweUrl: https://cwe.mitre.org/data/definitions/787.html"],"mitreText":"CVE-2026-31789","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31789","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"openssl","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-787: Out-of-bounds Write","https://cwe.mitre.org/data/definitions/787.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31789","version":5,"revisionDate":"2026-04-15T01:45:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c24cfaba-6c38-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31789","version":6,"revisionDate":"2026-04-29T14:53:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c8636927-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31789","version":1,"revisionDate":"2026-04-09T01:02:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"017c03b8-af33-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31789","version":2,"revisionDate":"2026-04-10T14:39:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"6f7a6b19-eb34-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31789","version":3,"revisionDate":"2026-04-11T01:05:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"50f1277d-4235-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31789","version":4,"revisionDate":"2026-04-14T14:45:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"13cc499d-1038-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31789","version":7,"revisionDate":"2026-04-30T01:53:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1fd10853-3744-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000e22cd063","releaseDate":"2026-04-09T01:01:57-07:00","cveNumber":"CVE-2026-39314","cveTitle":"CUPS has an integer underflow in `_ppdCreateFromIPP` causes root cupsd crash via negative `job-password-supported`","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-18T14:38:20-07:00","cweList":["CWE-191: Integer Underflow (Wrap or Wraparound)"],"cweDetailsListForSearch":["cwe: CWE-191: Integer Underflow (Wrap or Wraparound)","cweUrl: https://cwe.mitre.org/data/definitions/191.html"],"mitreText":"CVE-2026-39314","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-39314","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.0","temporalScore":"4.0","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-191: Integer Underflow (Wrap or Wraparound)","https://cwe.mitre.org/data/definitions/191.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-39314","version":1,"revisionDate":"2026-04-09T01:01:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0fa1d7b4-af33-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-39314","version":3,"revisionDate":"2026-04-18T14:38:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1ab5d73c-343b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-39314","version":2,"revisionDate":"2026-04-11T01:01:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"996a40f0-4135-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000ac43811e","releaseDate":"2026-04-09T01:01:51-07:00","cveNumber":"CVE-2026-39316","cveTitle":"CUPS has a use-after-free in `cupsdDeleteTemporaryPrinters` via dangling subscription pointer","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-18T14:38:14-07:00","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"mitreText":"CVE-2026-39316","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-39316","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.0","temporalScore":"4.0","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-39316","version":1,"revisionDate":"2026-04-09T01:01:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"04a30dad-af33-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-39316","version":2,"revisionDate":"2026-04-11T01:01:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a06a40f0-4135-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-39316","version":3,"revisionDate":"2026-04-18T14:38:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"63d25136-343b-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00006ea4995e","releaseDate":"2026-04-09T01:01:25-07:00","cveNumber":"CVE-2026-34933","cveTitle":"Avahi: Reachable assertion in `transport_flags_from_domain()` via conflicting publish flags crashes avahi-daemon","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T14:44:57-07:00","cweList":["CWE-617: Reachable Assertion"],"cweDetailsListForSearch":["cwe: CWE-617: Reachable Assertion","cweUrl: https://cwe.mitre.org/data/definitions/617.html"],"mitreText":"CVE-2026-34933","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34933","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"5.5","temporalScore":"5.5","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-617: Reachable Assertion","https://cwe.mitre.org/data/definitions/617.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34933","version":1,"revisionDate":"2026-04-09T01:01:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e9ab3d9d-af33-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34933","version":2,"revisionDate":"2026-04-13T14:38:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"62772278-4637-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34933","version":3,"revisionDate":"2026-04-14T14:44:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cccbfa7c-1038-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00000d924b17","releaseDate":"2026-04-08T01:01:25-07:00","cveNumber":"CVE-2026-35177","cveTitle":"Path traversal issue with zip.vim in Vim","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-09T01:02:39-07:00","cweList":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"cweDetailsListForSearch":["cwe: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","cweUrl: https://cwe.mitre.org/data/definitions/22.html"],"mitreText":"CVE-2026-35177","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35177","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.1","temporalScore":"4.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","https://cwe.mitre.org/data/definitions/22.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-35177","version":1,"revisionDate":"2026-04-08T01:01:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4acf1472-e632-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-35177","version":2,"revisionDate":"2026-04-09T01:02:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6e9392ce-af33-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000002194101","releaseDate":"2026-04-08T01:01:19-07:00","cveNumber":"CVE-2026-34982","cveTitle":"Vim modeline bypass via various options affects Vim < 9.2.0276","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-09T01:02:34-07:00","cweList":["CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"],"cweDetailsListForSearch":["cwe: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","cweUrl: https://cwe.mitre.org/data/definitions/78.html"],"mitreText":"CVE-2026-34982","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34982","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"8.2","temporalScore":"8.2","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","https://cwe.mitre.org/data/definitions/78.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34982","version":1,"revisionDate":"2026-04-08T01:01:19-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"39cf1472-e632-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34982","version":2,"revisionDate":"2026-04-09T01:02:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"319c68c8-af33-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00006e5b427e","releaseDate":"2026-04-07T01:02:30-07:00","cveNumber":"CVE-2026-34591","cveTitle":"Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:46:31-07:00","cweList":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"cweDetailsListForSearch":["cwe: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","cweUrl: https://cwe.mitre.org/data/definitions/22.html"],"mitreText":"CVE-2026-34591","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34591","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","https://cwe.mitre.org/data/definitions/22.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34591","version":3,"revisionDate":"2026-04-29T14:46:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"368a7338-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34591","version":1,"revisionDate":"2026-04-07T01:02:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ddbdf46e-1d32-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34591","version":2,"revisionDate":"2026-04-29T01:47:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"36df4668-6d43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00000aa29524","releaseDate":"2026-04-07T01:02:25-07:00","cveNumber":"CVE-2026-3184","cveTitle":"Util-linux: util-linux: access control bypass due to improper hostname canonicalization","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T14:44:51-07:00","cweList":["CWE-289: Authentication Bypass by Alternate Name"],"cweDetailsListForSearch":["cwe: CWE-289: Authentication Bypass by Alternate Name","cweUrl: https://cwe.mitre.org/data/definitions/289.html"],"mitreText":"CVE-2026-3184","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-3184","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"3.7","temporalScore":"3.7","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","vectorStringSource":"redhat","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-289: Authentication Bypass by Alternate Name","https://cwe.mitre.org/data/definitions/289.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-3184","version":1,"revisionDate":"2026-04-07T01:02:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"60d5e070-1d32-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-3184","version":3,"revisionDate":"2026-04-14T14:44:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e611a37e-1038-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-3184","version":2,"revisionDate":"2026-04-14T01:41:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"97bcdf1a-a337-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000012946ce8","releaseDate":"2026-04-07T01:01:28-07:00","cveNumber":"CVE-2026-31408","cveTitle":"Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:46:16-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31408","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31408","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31408","version":1,"revisionDate":"2026-04-07T01:01:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2a181d4a-1d32-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31408","version":2,"revisionDate":"2026-04-18T14:38:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"16a6ca35-343b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31408","version":3,"revisionDate":"2026-04-29T14:46:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f7f6c82a-da43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000bf2de008","releaseDate":"2026-04-05T01:02:45-07:00","cveNumber":"CVE-2026-35535","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:38:29-07:00","cweList":["CWE-271: Privilege Dropping / Lowering Errors"],"cweDetailsListForSearch":["cwe: CWE-271: Privilege Dropping / Lowering Errors","cweUrl: https://cwe.mitre.org/data/definitions/271.html"],"mitreText":"CVE-2026-35535","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35535","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"mitre","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.4","temporalScore":"7.4","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"mitre","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-271: Privilege Dropping / Lowering Errors","https://cwe.mitre.org/data/definitions/271.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-35535","version":1,"revisionDate":"2026-04-05T01:02:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"53a12722-8b30-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-35535","version":2,"revisionDate":"2026-04-06T14:38:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"954aea3f-c631-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-35535","version":3,"revisionDate":"2026-04-11T01:40:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"baf6ce5c-4735-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-35535","version":4,"revisionDate":"2026-04-24T14:38:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2a35993d-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b4b2f2a7","releaseDate":"2026-04-05T01:02:24-07:00","cveNumber":"CVE-2026-27456","cveTitle":"util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T14:44:40-07:00","cweList":["CWE-59: Improper Link Resolution Before File Access ('Link Following')"],"cweDetailsListForSearch":["cwe: CWE-59: Improper Link Resolution Before File Access ('Link Following')","cweUrl: https://cwe.mitre.org/data/definitions/59.html"],"mitreText":"CVE-2026-27456","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27456","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.7","temporalScore":"4.7","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-59: Improper Link Resolution Before File Access ('Link Following')","https://cwe.mitre.org/data/definitions/59.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-27456","version":1,"revisionDate":"2026-04-05T01:02:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2758a41a-8b30-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-27456","version":1.1,"revisionDate":"2026-04-06T14:38:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d95d673c-c631-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-27456","version":2,"revisionDate":"2026-04-07T01:02:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"413aac6a-1d32-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-27456","version":3,"revisionDate":"2026-04-07T01:41:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0ac424e4-2232-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-27456","version":4,"revisionDate":"2026-04-14T01:41:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"85bcdf1a-a337-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-27456","version":5,"revisionDate":"2026-04-14T14:44:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e5338875-1038-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000e22dd063","releaseDate":"2026-04-05T01:02:02-07:00","cveNumber":"CVE-2026-31394","cveTitle":"mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-07T14:37:49-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31394","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31394","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31394","version":1,"revisionDate":"2026-04-05T01:02:02-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"28bb870d-8b30-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31394","version":2,"revisionDate":"2026-04-07T14:37:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"35b6cd57-8f32-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000cd2ff2bb","releaseDate":"2026-04-05T01:01:45-07:00","cveNumber":"CVE-2026-34990","cveTitle":"OpenPrinting CUPS: Local print admin token disclosure using temporary printers","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-18T14:38:00-07:00","cweList":["CWE-287: Improper Authentication"],"cweDetailsListForSearch":["cwe: CWE-287: Improper Authentication","cweUrl: https://cwe.mitre.org/data/definitions/287.html"],"mitreText":"CVE-2026-34990","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34990","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-287: Improper Authentication","https://cwe.mitre.org/data/definitions/287.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34990","version":1,"revisionDate":"2026-04-05T01:01:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1a17f300-8b30-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34990","version":2,"revisionDate":"2026-04-07T01:41:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0b9bedd0-2232-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34990","version":3,"revisionDate":"2026-04-09T01:01:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1be536ae-af33-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34990","version":4,"revisionDate":"2026-04-18T14:38:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9745692f-343b-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00001a3e4b05","releaseDate":"2026-04-05T01:01:39-07:00","cveNumber":"CVE-2026-27447","cveTitle":"OpenPrinting CUPS: Authorization bypass via case-insensitive group-member lookup","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-18T14:37:53-07:00","cweList":["CWE-863: Incorrect Authorization"],"cweDetailsListForSearch":["cwe: CWE-863: Incorrect Authorization","cweUrl: https://cwe.mitre.org/data/definitions/863.html"],"mitreText":"CVE-2026-27447","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27447","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.8","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-863: Incorrect Authorization","https://cwe.mitre.org/data/definitions/863.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-27447","version":1,"revisionDate":"2026-04-05T01:01:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c848f3fa-8a30-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-27447","version":2,"revisionDate":"2026-04-07T01:01:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0ddf4f5a-1d32-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-27447","version":3,"revisionDate":"2026-04-07T01:40:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"55469ed0-2232-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-27447","version":4,"revisionDate":"2026-04-18T14:37:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ee23e729-343b-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000ff8ab6a6","releaseDate":"2026-04-05T01:01:34-07:00","cveNumber":"CVE-2026-34978","cveTitle":"OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache)","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:49:24-07:00","cweList":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"cweDetailsListForSearch":["cwe: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","cweUrl: https://cwe.mitre.org/data/definitions/22.html"],"mitreText":"CVE-2026-34978","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34978","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","https://cwe.mitre.org/data/definitions/22.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34978","version":1,"revisionDate":"2026-04-05T01:01:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8e48f3fa-8a30-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34978","version":2,"revisionDate":"2026-04-07T01:40:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bd1d96ca-2232-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34978","version":3,"revisionDate":"2026-04-09T01:01:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"950715a5-af33-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34978","version":4,"revisionDate":"2026-04-18T14:37:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1dba6d29-343b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34978","version":5,"revisionDate":"2026-04-30T01:49:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fd7394cb-3644-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000cc2ff2bb","releaseDate":"2026-04-05T01:01:28-07:00","cveNumber":"CVE-2026-34980","cveTitle":"OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-18T14:37:40-07:00","cweList":["CWE-20: Improper Input Validation"],"cweDetailsListForSearch":["cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html"],"mitreText":"CVE-2026-34980","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34980","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34980","version":1,"revisionDate":"2026-04-05T01:01:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"402df0f4-8a30-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34980","version":4,"revisionDate":"2026-04-18T14:37:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ebf33f23-343b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34980","version":2,"revisionDate":"2026-04-07T01:40:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fa6186c7-2232-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34980","version":3,"revisionDate":"2026-04-09T01:01:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7022daa6-af33-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000064160f04","releaseDate":"2026-04-05T01:01:23-07:00","cveNumber":"CVE-2026-34979","cveTitle":"OpenPrinting CUPS: Heap overflow in `get_options()`","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-18T14:37:34-07:00","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"mitreText":"CVE-2026-34979","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34979","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"5.3","temporalScore":"5.3","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34979","version":1,"revisionDate":"2026-04-05T01:01:23-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"082df0f4-8a30-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34979","version":3,"revisionDate":"2026-04-09T01:01:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9f0715a5-af33-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34979","version":2,"revisionDate":"2026-04-07T01:40:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f86186c7-2232-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34979","version":4,"revisionDate":"2026-04-18T14:37:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cc1ca423-343b-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000039821f28","releaseDate":"2026-04-04T01:02:38-07:00","cveNumber":"CVE-2026-34743","cveTitle":"XZ Utils: Buffer overflow in lzma_index_append()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-15T01:42:40-07:00","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"mitreText":"CVE-2026-34743","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34743","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34743","version":1,"revisionDate":"2026-04-04T01:02:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0ccc01f4-c12f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34743","version":2,"revisionDate":"2026-04-07T01:01:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"84e31a57-1d32-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34743","version":3,"revisionDate":"2026-04-09T14:38:23-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"72a189c2-2134-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34743","version":4,"revisionDate":"2026-04-11T01:40:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6560cd62-4735-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34743","version":5,"revisionDate":"2026-04-14T14:44:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f92c1a6f-1038-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34743","version":6,"revisionDate":"2026-04-15T01:42:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"800f4e63-6c38-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000c4b828c1","releaseDate":"2026-04-04T01:02:32-07:00","cveNumber":"CVE-2026-35385","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-11T01:40:03-07:00","cweList":["CWE-281: Improper Preservation of Permissions"],"cweDetailsListForSearch":["cwe: CWE-281: Improper Preservation of Permissions","cweUrl: https://cwe.mitre.org/data/definitions/281.html"],"mitreText":"CVE-2026-35385","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35385","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"mitre","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","vectorStringSource":"mitre","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-281: Improper Preservation of Permissions","https://cwe.mitre.org/data/definitions/281.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-35385","version":1,"revisionDate":"2026-04-04T01:02:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"02cc01f4-c12f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-35385","version":3,"revisionDate":"2026-04-11T01:40:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"478b9b5b-4735-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-35385","version":2,"revisionDate":"2026-04-07T01:02:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3a340f61-1d32-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00002944811e","releaseDate":"2026-04-04T01:02:20-07:00","cveNumber":"CVE-2026-35386","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-11T01:39:56-07:00","cweList":["CWE-696: Incorrect Behavior Order"],"cweDetailsListForSearch":["cwe: CWE-696: Incorrect Behavior Order","cweUrl: https://cwe.mitre.org/data/definitions/696.html"],"mitreText":"CVE-2026-35386","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35386","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"mitre","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"3.6","temporalScore":"3.6","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","vectorStringSource":"mitre","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-696: Incorrect Behavior Order","https://cwe.mitre.org/data/definitions/696.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-35386","version":1,"revisionDate":"2026-04-04T01:02:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bf53daee-c12f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-35386","version":2,"revisionDate":"2026-04-07T01:02:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2a65d868-1d32-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-35386","version":3,"revisionDate":"2026-04-11T01:39:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"141d9856-4735-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a3a4a903","releaseDate":"2026-04-04T01:02:08-07:00","cveNumber":"CVE-2026-35388","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-11T01:39:45-07:00","cweList":["CWE-420: Unprotected Alternate Channel"],"cweDetailsListForSearch":["cwe: CWE-420: Unprotected Alternate Channel","cweUrl: https://cwe.mitre.org/data/definitions/420.html"],"mitreText":"CVE-2026-35388","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35388","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"mitre","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"2.5","temporalScore":"2.5","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N","vectorStringSource":"mitre","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-420: Unprotected Alternate Channel","https://cwe.mitre.org/data/definitions/420.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-35388","version":1,"revisionDate":"2026-04-04T01:02:08-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a691b6e7-c12f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-35388","version":2,"revisionDate":"2026-04-07T01:01:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0fdf4f5a-1d32-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-35388","version":3,"revisionDate":"2026-04-11T01:39:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9ba5b74e-4735-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000910611d8","releaseDate":"2026-04-02T18:46:56-07:00","cveNumber":"CVE-2026-5291","cveTitle":"Chromium: CVE-2026-5291 Inappropriate implementation in WebGL","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-02T18:46:56-07:00","description":"<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5291","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5291","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>146.0.3856.97</td>\n<td>04/02/2026</td>\n<td>146.0.7680.178</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5291","version":1,"revisionDate":"2026-04-02T18:46:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"0e4e3c4f-c42e-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000900611d8","releaseDate":"2026-04-02T18:46:55-07:00","cveNumber":"CVE-2026-5290","cveTitle":"Chromium: CVE-2026-5290 Use after free in Compositing","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-02T18:46:55-07:00","description":"<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5290","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5290","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>146.0.3856.97</td>\n<td>04/02/2026</td>\n<td>146.0.7680.178</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5290","version":1,"revisionDate":"2026-04-02T18:46:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"fc4d3c4f-c42e-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000ee916935","releaseDate":"2026-04-02T18:46:55-07:00","cveNumber":"CVE-2026-5289","cveTitle":"Chromium: CVE-2026-5289 Use after free in Navigation","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-02T18:46:55-07:00","description":"<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5289","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5289","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>146.0.3856.97</td>\n<td>04/02/2026</td>\n<td>146.0.7680.178</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5289","version":1,"revisionDate":"2026-04-02T18:46:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"e74d3c4f-c42e-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000f4916935","releaseDate":"2026-04-02T18:46:54-07:00","cveNumber":"CVE-2026-5287","cveTitle":"Chromium: CVE-2026-5287 Use after free in PDF","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-02T18:46:54-07:00","description":"<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5287","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5287","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>146.0.3856.97</td>\n<td>04/02/2026</td>\n<td>146.0.7680.178</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5287","version":1,"revisionDate":"2026-04-02T18:46:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"d54d3c4f-c42e-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000f3916935","releaseDate":"2026-04-02T18:46:53-07:00","cveNumber":"CVE-2026-5286","cveTitle":"Chromium: CVE-2026-5286 Use after free in Dawn","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-02T18:46:53-07:00","description":"<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5286","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5286","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>146.0.3856.97</td>\n<td>04/02/2026</td>\n<td>146.0.7680.178</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5286","version":1,"revisionDate":"2026-04-02T18:46:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"c34d3c4f-c42e-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000f2916935","releaseDate":"2026-04-02T18:46:52-07:00","cveNumber":"CVE-2026-5285","cveTitle":"Chromium: CVE-2026-5285 Use after free in WebGL","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-02T18:46:52-07:00","description":"<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5285","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5285","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>146.0.3856.97</td>\n<td>04/02/2026</td>\n<td>146.0.7680.178</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5285","version":1,"revisionDate":"2026-04-02T18:46:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"b14d3c4f-c42e-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000f1916935","releaseDate":"2026-04-02T18:46:51-07:00","cveNumber":"CVE-2026-5284","cveTitle":"Chromium: CVE-2026-5284 Use after free in Dawn","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-02T18:46:51-07:00","description":"<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5284","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5284","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>146.0.3856.97</td>\n<td>04/02/2026</td>\n<td>146.0.7680.178</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5284","version":1,"revisionDate":"2026-04-02T18:46:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"9f4d3c4f-c42e-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000f8916935","releaseDate":"2026-04-02T18:46:50-07:00","cveNumber":"CVE-2026-5283","cveTitle":"Chromium: CVE-2026-5283 Inappropriate implementation in ANGLE","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-02T18:46:50-07:00","description":"<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5283","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5283","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>146.0.3856.97</td>\n<td>04/02/2026</td>\n<td>146.0.7680.178</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5283","version":1,"revisionDate":"2026-04-02T18:46:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"80132449-c42e-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000f6916935","releaseDate":"2026-04-02T18:46:49-07:00","cveNumber":"CVE-2026-5281","cveTitle":"Chromium: CVE-2026-5281 Use after free in Dawn","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-02T18:46:49-07:00","description":"<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information. Google is aware that an exploit for CVE-2026-5281 exists in the wild.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information. Google is aware that an exploit for CVE-2026-5281 exists in the wild.","mitreText":"CVE-2026-5281","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5281","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>146.0.3856.97</td>\n<td>04/02/2026</td>\n<td>146.0.7680.178</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5281","version":1,"revisionDate":"2026-04-02T18:46:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"6e132449-c42e-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000f5916935","releaseDate":"2026-04-02T18:46:48-07:00","cveNumber":"CVE-2026-5280","cveTitle":"Chromium: CVE-2026-5280 Use after free in WebCodecs","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-02T18:46:48-07:00","description":"<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5280","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5280","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>146.0.3856.97</td>\n<td>04/02/2026</td>\n<td>146.0.7680.178</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5280","version":1,"revisionDate":"2026-04-02T18:46:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"58132449-c42e-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000e74a2408","releaseDate":"2026-04-02T18:46:47-07:00","cveNumber":"CVE-2026-5279","cveTitle":"Chromium: CVE-2026-5279 Object corruption in V8","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-02T18:46:47-07:00","description":"<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5279","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5279","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>146.0.3856.97</td>\n<td>04/02/2026</td>\n<td>146.0.7680.178</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5279","version":1,"revisionDate":"2026-04-02T18:46:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"46132449-c42e-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000ed4a2408","releaseDate":"2026-04-02T18:46:46-07:00","cveNumber":"CVE-2026-5277","cveTitle":"Chromium: CVE-2026-5277 Integer overflow in ANGLE","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-02T18:46:46-07:00","description":"<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5277","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5277","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>146.0.3856.97</td>\n<td>04/02/2026</td>\n<td>146.0.7680.178</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5277","version":1,"revisionDate":"2026-04-02T18:46:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"34132449-c42e-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000ec4a2408","releaseDate":"2026-04-02T18:46:45-07:00","cveNumber":"CVE-2026-5276","cveTitle":"Chromium: CVE-2026-5276 Insufficient policy enforcement in WebUSB","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-02T18:46:45-07:00","description":"<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5276","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5276","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>146.0.3856.97</td>\n<td>04/02/2026</td>\n<td>146.0.7680.178</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5276","version":1,"revisionDate":"2026-04-02T18:46:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"21132449-c42e-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000eb4a2408","releaseDate":"2026-04-02T18:46:44-07:00","cveNumber":"CVE-2026-5275","cveTitle":"Chromium: CVE-2026-5275 Heap buffer overflow in ANGLE","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-02T18:46:44-07:00","description":"<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5275","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5275","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>146.0.3856.97</td>\n<td>04/02/2026</td>\n<td>146.0.7680.178</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5275","version":1,"revisionDate":"2026-04-02T18:46:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"0f132449-c42e-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000ea4a2408","releaseDate":"2026-04-02T18:46:43-07:00","cveNumber":"CVE-2026-5274","cveTitle":"Chromium: CVE-2026-5274 Integer overflow in Codecs","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-02T18:46:43-07:00","description":"<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5274","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5274","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>146.0.3856.97</td>\n<td>04/02/2026</td>\n<td>146.0.7680.178</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5274","version":1,"revisionDate":"2026-04-02T18:46:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"fd122449-c42e-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000f14a2408","releaseDate":"2026-04-02T18:46:42-07:00","cveNumber":"CVE-2026-5273","cveTitle":"Chromium: CVE-2026-5273 Use after free in CSS","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-02T18:46:42-07:00","description":"<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5273","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5273","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>146.0.3856.97</td>\n<td>04/02/2026</td>\n<td>146.0.7680.178</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5273","version":1,"revisionDate":"2026-04-02T18:46:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"eb122449-c42e-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000f04a2408","releaseDate":"2026-04-02T18:46:41-07:00","cveNumber":"CVE-2026-5272","cveTitle":"Chromium: CVE-2026-5272 Heap buffer overflow in GPU","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-02T18:46:41-07:00","description":"<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5272","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5272","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>146.0.3856.97</td>\n<td>04/02/2026</td>\n<td>146.0.7680.178</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-5272","version":1,"revisionDate":"2026-04-02T18:46:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"d9122449-c42e-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00000007f3b9","releaseDate":"2026-04-02T07:00:00-07:00","cveNumber":"CVE-2026-32186","cveTitle":"Microsoft Bing Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-07T07:00:00-07:00","description":"<p>Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a network.</p>\n","cweList":["CWE-918: Server-Side Request Forgery (SSRF)"],"cweDetailsListForSearch":["cwe: CWE-918: Server-Side Request Forgery (SSRF)","cweUrl: https://cwe.mitre.org/data/definitions/918.html"],"unformattedDescription":"Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a network.","mitreText":"CVE-2026-32186","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32186","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":4,"latestSoftwareRelease":"N/A","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Bing","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"10.0","temporalScore":"8.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-918: Server-Side Request Forgery (SSRF)","https://cwe.mitre.org/data/definitions/918.html"]}],"articles":[{"title":"Microsoft Bing Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>\n<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>\n<p>Please see <a href=\"https://aka.ms/MSRC-Cloud-CVEs\">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32186","version":1,"revisionDate":"2026-04-02T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"c122745b-da22-f111-93f8-000d3afbc7d7"},{"cveNumber":"CVE-2026-32186","version":1.1,"revisionDate":"2026-04-07T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Updated information to include CVSS scores. This is an informational change only.</p>\n","unformattedDescription":"Updated information to include CVSS scores. This is an informational change only.","notificationNeeded":false,"notificationSent":false,"sourceId":"28d957d8-9132-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d864e9a1","releaseDate":"2026-04-02T07:00:00-07:00","cveNumber":"CVE-2026-32173","cveTitle":"Azure SRE Agent Information Disclosure Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-02T07:00:00-07:00","description":"<p>Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network.</p>\n","cweList":["CWE-287: Improper Authentication"],"cweDetailsListForSearch":["cwe: CWE-287: Improper Authentication","cweUrl: https://cwe.mitre.org/data/definitions/287.html"],"unformattedDescription":"Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network.","mitreText":"CVE-2026-32173","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32173","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":4,"latestSoftwareRelease":"N/A","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Azure SRE Agent","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"8.6","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-287: Improper Authentication","https://cwe.mitre.org/data/definitions/287.html"]}],"articles":[{"title":"Azure SRE Agent Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>\n<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>\n<p>Please see <a href=\"https://aka.ms/MSRC-Cloud-CVEs\">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32173","version":1,"revisionDate":"2026-04-02T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"d00e07fa-6421-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000920611d8","releaseDate":"2026-04-02T07:00:00-07:00","cveNumber":"CVE-2026-5292","cveTitle":"Chromium: CVE-2026-5292 Out of bounds read in WebCodecs","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-02T07:00:00-07:00","description":"<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-5292","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5292","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>146.0.3856.97</td>\n<td>04/02/2026</td>\n<td>146.0.7680.178</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-5292","version":1,"revisionDate":"2026-04-02T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"0d0687b0-c52e-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000171f0453","releaseDate":"2026-04-02T01:06:16-07:00","cveNumber":"CVE-2026-29785","cveTitle":"NATS Server panic via malicious compression on leafnode port","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-08T01:38:58-07:00","cweList":["CWE-476: NULL Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-476: NULL Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/476.html"],"mitreText":"CVE-2026-29785","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-29785","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-476: NULL Pointer Dereference","https://cwe.mitre.org/data/definitions/476.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-29785","version":1,"revisionDate":"2026-04-02T01:06:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8fb19125-302e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-29785","version":2,"revisionDate":"2026-04-02T14:39:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"51e8b8be-a12e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-29785","version":3,"revisionDate":"2026-04-08T01:38:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3ed4ecb4-eb32-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00003763c8d0","releaseDate":"2026-04-02T01:06:08-07:00","cveNumber":"CVE-2026-33216","cveTitle":"NATS has MQTT plaintext password disclosure","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-08T01:38:51-07:00","cweList":["CWE-256: Plaintext Storage of a Password"],"cweDetailsListForSearch":["cwe: CWE-256: Plaintext Storage of a Password","cweUrl: https://cwe.mitre.org/data/definitions/256.html"],"mitreText":"CVE-2026-33216","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33216","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"8.6","temporalScore":"8.6","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-256: Plaintext Storage of a Password","https://cwe.mitre.org/data/definitions/256.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-33216","version":1,"revisionDate":"2026-04-02T01:06:08-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5a60381f-302e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33216","version":2,"revisionDate":"2026-04-02T14:39:18-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8d5cbfb8-a12e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33216","version":3,"revisionDate":"2026-04-08T01:38:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4ddd59ae-eb32-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000a952baff","releaseDate":"2026-04-02T01:05:41-07:00","cveNumber":"CVE-2026-2436","cveTitle":"Libsoup: libsoup: denial of service via use-after-free in soupserver during tls handshake","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T14:44:01-07:00","cweList":["CWE-825: Expired Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-825: Expired Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/825.html"],"mitreText":"CVE-2026-2436","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-2436","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H","vectorStringSource":"redhat","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-825: Expired Pointer Dereference","https://cwe.mitre.org/data/definitions/825.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-2436","version":1,"revisionDate":"2026-04-02T01:05:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9e79fd11-302e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-2436","version":2,"revisionDate":"2026-04-02T14:39:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"001a97ac-a12e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-2436","version":3,"revisionDate":"2026-04-09T14:38:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"21d339b8-2134-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-2436","version":4,"revisionDate":"2026-04-14T14:44:01-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b2df0a5f-1038-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000cafd7ae0","releaseDate":"2026-04-02T01:05:31-07:00","cveNumber":"CVE-2026-4897","cveTitle":"Polkit: polkit: denial of service via unbounded input processing through standard input","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T14:44:19-07:00","cweList":["CWE-770: Allocation of Resources Without Limits or Throttling"],"cweDetailsListForSearch":["cwe: CWE-770: Allocation of Resources Without Limits or Throttling","cweUrl: https://cwe.mitre.org/data/definitions/770.html"],"mitreText":"CVE-2026-4897","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-4897","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"5.5","temporalScore":"5.5","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"redhat","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-770: Allocation of Resources Without Limits or Throttling","https://cwe.mitre.org/data/definitions/770.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-4897","version":1,"revisionDate":"2026-04-02T01:05:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e6127b0b-302e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-4897","version":2,"revisionDate":"2026-04-03T01:39:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6086ffef-fd2e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-4897","version":3,"revisionDate":"2026-04-09T01:40:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"311f6817-b533-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-4897","version":4,"revisionDate":"2026-04-14T14:44:19-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a5d0c466-1038-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00000904dfda","releaseDate":"2026-04-02T01:04:42-07:00","cveNumber":"CVE-2026-5121","cveTitle":"Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:38:22-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-5121","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5121","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"9.8","temporalScore":"9.8","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"CISA ADP","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-5121","version":1,"revisionDate":"2026-04-02T01:04:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fc5d73ea-2f2e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-5121","version":2,"revisionDate":"2026-04-22T14:37:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3066a2ca-583e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-5121","version":3,"revisionDate":"2026-04-24T14:38:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1135993d-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00001eed2d20","releaseDate":"2026-04-02T01:04:34-07:00","cveNumber":"CVE-2026-5201","cveTitle":"Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-08T01:38:43-07:00","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"mitreText":"CVE-2026-5201","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5201","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"redhat","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-5201","version":1,"revisionDate":"2026-04-02T01:04:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8ec23ee4-2f2e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-5201","version":2,"revisionDate":"2026-04-02T14:38:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fc78f39f-a12e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-5201","version":3,"revisionDate":"2026-04-08T01:38:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"43dd59ae-eb32-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00009aa287ab","releaseDate":"2026-04-02T01:04:20-07:00","cveNumber":"CVE-2026-33554","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-08T01:38:36-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-33554","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33554","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"mitre","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"CISA ADP","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-33554","version":1,"revisionDate":"2026-04-02T01:04:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dc656edd-2f2e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33554","version":2,"revisionDate":"2026-04-02T14:38:17-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e34beb93-a12e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33554","version":3,"revisionDate":"2026-04-08T01:38:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e89371a7-eb32-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000f8825e35","releaseDate":"2026-04-02T01:01:28-07:00","cveNumber":"CVE-2026-23401","cveTitle":"KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:44:05-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-23401","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-23401","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-23401","version":1,"revisionDate":"2026-04-02T01:01:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"355d8476-2f2e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23401","version":2,"revisionDate":"2026-04-03T01:39:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a7390be4-fd2e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23401","version":3,"revisionDate":"2026-04-18T14:37:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"54ffb01c-343b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23401","version":4,"revisionDate":"2026-04-26T01:02:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4e8794a7-0b41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23401","version":5,"revisionDate":"2026-04-27T14:41:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f7f8a134-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23401","version":6,"revisionDate":"2026-04-29T14:44:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"13eb0be0-d943-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000074641783","releaseDate":"2026-04-01T01:19:42-07:00","cveNumber":"CVE-2026-21713","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-09T01:39:52-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-21713","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-21713","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"hackerone","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"5.9","temporalScore":"5.9","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","vectorStringSource":"hackerone","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-21713","version":2,"revisionDate":"2026-04-08T01:38:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e163239e-eb32-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-21713","version":3,"revisionDate":"2026-04-09T01:39:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a95b1800-b533-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-21713","version":1,"revisionDate":"2026-04-01T01:19:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e312b9db-682d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000045c20d6b","releaseDate":"2026-04-01T01:19:13-07:00","cveNumber":"CVE-2026-21716","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-09T01:40:06-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-21716","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-21716","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"hackerone","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"3.3","temporalScore":"3.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","vectorStringSource":"hackerone","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-21716","version":2,"revisionDate":"2026-04-08T01:38:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fa124797-eb32-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-21716","version":3,"revisionDate":"2026-04-09T01:40:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f2754607-b533-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-21716","version":1,"revisionDate":"2026-04-01T01:19:13-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6182c5c9-682d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00007bab5cb0","releaseDate":"2026-04-01T01:18:43-07:00","cveNumber":"CVE-2026-21714","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-09T01:39:59-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-21714","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-21714","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"hackerone","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"5.3","temporalScore":"5.3","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","vectorStringSource":"hackerone","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-21714","version":2,"revisionDate":"2026-04-08T01:38:01-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"971ed090-eb32-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-21714","version":1,"revisionDate":"2026-04-01T01:18:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1ea99eb7-682d-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-21714","version":3,"revisionDate":"2026-04-09T01:39:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"05df9dff-b433-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000016200453","releaseDate":"2026-04-01T01:18:03-07:00","cveNumber":"CVE-2026-21715","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-09T01:40:20-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-21715","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-21715","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"hackerone","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"3.3","temporalScore":"3.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","vectorStringSource":"hackerone","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-21715","version":2,"revisionDate":"2026-04-08T01:37:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8f1ed090-eb32-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-21715","version":3,"revisionDate":"2026-04-09T01:40:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fc79b40f-b533-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-21715","version":1,"revisionDate":"2026-04-01T01:18:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"112d6ba5-682d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00000fd9be25","releaseDate":"2026-04-01T01:16:56-07:00","cveNumber":"CVE-2026-21710","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-09T01:40:13-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-21710","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-21710","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"hackerone","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"hackerone","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-21710","version":2,"revisionDate":"2026-04-08T01:38:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d463239e-eb32-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-21710","version":1,"revisionDate":"2026-04-01T01:16:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bcbde378-682d-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-21710","version":3,"revisionDate":"2026-04-09T01:40:13-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dc4b6308-b533-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000e036b50d","releaseDate":"2026-04-01T01:16:14-07:00","cveNumber":"CVE-2026-21717","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:43:36-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-21717","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-21717","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"hackerone","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"5.9","temporalScore":"5.9","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"hackerone","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-21717","version":2,"revisionDate":"2026-04-09T01:39:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"24938ff7-b433-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-21717","version":1,"revisionDate":"2026-04-01T01:16:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8d17c55f-682d-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-21717","version":3,"revisionDate":"2026-04-29T14:43:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"afe9edcf-d943-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000073b2b39a","releaseDate":"2026-04-01T01:14:55-07:00","cveNumber":"CVE-2026-34714","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-08T01:37:47-07:00","cweList":["CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"],"cweDetailsListForSearch":["cwe: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","cweUrl: https://cwe.mitre.org/data/definitions/78.html"],"mitreText":"CVE-2026-34714","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34714","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"mitre","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"9.2","temporalScore":"9.2","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L","vectorStringSource":"mitre","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","https://cwe.mitre.org/data/definitions/78.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34714","version":2,"revisionDate":"2026-04-02T01:06:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e7bf9333-302e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34714","version":3,"revisionDate":"2026-04-08T01:37:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1924f689-eb32-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34714","version":1,"revisionDate":"2026-04-01T01:14:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"57ed9830-682d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000044e652ec","releaseDate":"2026-04-01T01:14:28-07:00","cveNumber":"CVE-2025-66038","cveTitle":"OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:47:08-07:00","cweList":["CWE-126: Buffer Over-read"],"cweDetailsListForSearch":["cwe: CWE-126: Buffer Over-read","cweUrl: https://cwe.mitre.org/data/definitions/126.html"],"mitreText":"CVE-2025-66038","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2025-66038","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"3.9","temporalScore":"3.9","vectorString":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-126: Buffer Over-read","https://cwe.mitre.org/data/definitions/126.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2025-66038","version":2,"revisionDate":"2026-04-02T01:05:02-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2130c2f7-2f2e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2025-66038","version":1,"revisionDate":"2026-04-01T01:14:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cbb6a220-682d-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2025-66038","version":3,"revisionDate":"2026-04-03T01:38:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1f603bdf-fd2e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2025-66038","version":4,"revisionDate":"2026-04-09T01:39:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a7e932f9-b433-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2025-66038","version":5,"revisionDate":"2026-04-14T14:43:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c4230851-1038-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2025-66038","version":6,"revisionDate":"2026-04-30T01:47:08-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1a0a537c-3644-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00003d9f0dbf","releaseDate":"2026-04-01T01:14:06-07:00","cveNumber":"CVE-2025-66037","cveTitle":"OpenSC: Out of Bounds vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:47:31-07:00","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"mitreText":"CVE-2025-66037","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2025-66037","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"3.9","temporalScore":"3.9","vectorString":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2025-66037","version":2,"revisionDate":"2026-04-02T01:05:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ae2cdcfd-2f2e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2025-66037","version":3,"revisionDate":"2026-04-02T14:37:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cae04a86-a12e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2025-66037","version":4,"revisionDate":"2026-04-09T01:39:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"30b420f1-b433-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2025-66037","version":1,"revisionDate":"2026-04-01T01:14:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"82b22313-682d-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2025-66037","version":5,"revisionDate":"2026-04-30T01:47:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1627ee8f-3644-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00007b783015","releaseDate":"2026-04-01T01:13:44-07:00","cveNumber":"CVE-2025-66215","cveTitle":"OpenSC: Stack-buffer-overflow WRITE in card-oberthur","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:47:48-07:00","cweList":["CWE-121: Stack-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-121: Stack-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/121.html"],"mitreText":"CVE-2025-66215","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2025-66215","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"3.8","temporalScore":"3.8","vectorString":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-121: Stack-based Buffer Overflow","https://cwe.mitre.org/data/definitions/121.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2025-66215","version":2,"revisionDate":"2026-04-02T01:05:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b52cdcfd-2f2e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2025-66215","version":3,"revisionDate":"2026-04-02T14:37:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f7afe57f-a12e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2025-66215","version":4,"revisionDate":"2026-04-09T01:39:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"29b420f1-b433-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2025-66215","version":1,"revisionDate":"2026-04-01T01:13:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"887d6406-682d-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2025-66215","version":5,"revisionDate":"2026-04-30T01:47:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1da7c496-3644-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000051326902","releaseDate":"2026-04-01T01:13:21-07:00","cveNumber":"CVE-2025-49010","cveTitle":"OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:46:54-07:00","cweList":["CWE-121: Stack-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-121: Stack-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/121.html"],"mitreText":"CVE-2025-49010","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2025-49010","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"3.8","temporalScore":"3.8","vectorString":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-121: Stack-based Buffer Overflow","https://cwe.mitre.org/data/definitions/121.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2025-49010","version":1,"revisionDate":"2026-04-01T01:13:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"27c2f9fb-672d-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2025-49010","version":2,"revisionDate":"2026-04-02T01:04:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1930c2f7-2f2e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2025-49010","version":4,"revisionDate":"2026-04-09T01:39:18-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f2fd0eeb-b433-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2025-49010","version":3,"revisionDate":"2026-04-03T01:38:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2d1c44d9-fd2e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2025-49010","version":5,"revisionDate":"2026-04-14T14:43:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7627054b-1038-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2025-49010","version":6,"revisionDate":"2026-04-30T01:46:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c7119f73-3644-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000039ed2d20","releaseDate":"2026-03-31T14:01:22-07:00","cveNumber":"CVE-2026-5107","cveTitle":"FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control","releaseNumber":"2026-Mar","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T14:42:52-07:00","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"mitreText":"CVE-2026-5107","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5107","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"VulDB","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.2","temporalScore":"4.0","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:O/RC:C","vectorStringSource":"VulDB","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-5107","version":2,"revisionDate":"2026-04-02T01:04:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"78c23ee4-2f2e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-5107","version":3,"revisionDate":"2026-04-02T01:39:08-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"608e95bc-342e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-5107","version":5,"revisionDate":"2026-04-09T14:37:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0343fdaf-2134-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-5107","version":1,"revisionDate":"2026-03-31T14:01:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e2fe9815-0a2d-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-5107","version":4,"revisionDate":"2026-04-03T01:39:08-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d17889e5-fd2e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-5107","version":6,"revisionDate":"2026-04-14T14:42:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"518f9e33-1038-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000065b93866","releaseDate":"2026-03-31T01:02:57-07:00","cveNumber":"CVE-2026-33542","cveTitle":"Incus does not verify combined fingerprint when downloading images from simplestreams servers","releaseNumber":"2026-Mar","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:45:45-07:00","cweList":["CWE-295: Improper Certificate Validation"],"cweDetailsListForSearch":["cwe: CWE-295: Improper Certificate Validation","cweUrl: https://cwe.mitre.org/data/definitions/295.html"],"mitreText":"CVE-2026-33542","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33542","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-295: Improper Certificate Validation","https://cwe.mitre.org/data/definitions/295.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-33542","version":2,"revisionDate":"2026-03-31T15:06:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e81d3c2e-132d-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33542","version":5,"revisionDate":"2026-04-29T14:43:17-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3200a9bf-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33542","version":1,"revisionDate":"2026-03-31T01:02:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0fb9295b-9d2c-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-33542","version":3,"revisionDate":"2026-04-01T01:58:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e8a2cb3a-6e2d-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-33542","version":4,"revisionDate":"2026-04-02T01:40:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"db9812e1-342e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-33542","version":6,"revisionDate":"2026-04-30T01:45:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e5874351-3644-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000024e01510","releaseDate":"2026-03-31T01:02:19-07:00","cveNumber":"CVE-2026-33750","cveTitle":"brace-expansion: Zero-step sequence causes process hang and memory exhaustion","releaseNumber":"2026-Mar","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-23T01:37:20-07:00","cweList":["CWE-400: Uncontrolled Resource Consumption"],"cweDetailsListForSearch":["cwe: CWE-400: Uncontrolled Resource Consumption","cweUrl: https://cwe.mitre.org/data/definitions/400.html"],"mitreText":"CVE-2026-33750","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33750","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-400: Uncontrolled Resource Consumption","https://cwe.mitre.org/data/definitions/400.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-33750","version":2,"revisionDate":"2026-03-31T15:05:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3ee2fa10-132d-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33750","version":3,"revisionDate":"2026-04-01T01:57:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f13cd934-6e2d-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33750","version":4,"revisionDate":"2026-04-02T01:39:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b1579ed4-342e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33750","version":5,"revisionDate":"2026-04-22T01:42:15-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d5969978-ec3d-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33750","version":1,"revisionDate":"2026-03-31T01:02:19-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3b058f40-9d2c-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-33750","version":6,"revisionDate":"2026-04-23T01:37:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"192521f6-b43e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000026a27706","releaseDate":"2026-03-31T01:02:05-07:00","cveNumber":"CVE-2026-34353","releaseNumber":"2026-Mar","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-01T01:57:48-07:00","cweList":["CWE-190: Integer Overflow or Wraparound"],"cweDetailsListForSearch":["cwe: CWE-190: Integer Overflow or Wraparound","cweUrl: https://cwe.mitre.org/data/definitions/190.html"],"mitreText":"CVE-2026-34353","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34353","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"mitre","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"5.9","temporalScore":"5.9","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N","vectorStringSource":"mitre","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-190: Integer Overflow or Wraparound","https://cwe.mitre.org/data/definitions/190.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34353","version":3,"revisionDate":"2026-04-01T01:57:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0d090b2e-6e2d-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34353","version":1,"revisionDate":"2026-03-31T01:02:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d776e339-9d2c-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34353","version":2,"revisionDate":"2026-03-31T15:05:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"36b5c3fe-122d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d9ef6fe0","releaseDate":"2026-03-31T01:01:57-07:00","cveNumber":"CVE-2026-21712","releaseNumber":"2026-Mar","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-09T01:39:07-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-21712","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-21712","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"hackerone","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"5.7","temporalScore":"5.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H","vectorStringSource":"hackerone","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-21712","version":1,"revisionDate":"2026-03-31T01:01:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cfe88737-9d2c-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-21712","version":3,"revisionDate":"2026-04-09T01:39:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"58e8a6e4-b433-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-21712","version":2,"revisionDate":"2026-04-01T01:57:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ef40ac28-6e2d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b931527c","releaseDate":"2026-03-31T01:01:52-07:00","cveNumber":"CVE-2026-0964","cveTitle":"Libssh: improper sanitation of paths received from scp servers","releaseNumber":"2026-Mar","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T14:43:16-07:00","cweList":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"cweDetailsListForSearch":["cwe: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","cweUrl: https://cwe.mitre.org/data/definitions/22.html"],"mitreText":"CVE-2026-0964","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-0964","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"5.0","temporalScore":"5.0","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","vectorStringSource":"redhat","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","https://cwe.mitre.org/data/definitions/22.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-0964","version":2,"revisionDate":"2026-03-31T15:04:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8a4c6bdd-122d-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-0964","version":4,"revisionDate":"2026-04-02T01:39:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8d54a5ce-342e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-0964","version":1,"revisionDate":"2026-03-31T01:01:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4efe5533-9d2c-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-0964","version":3,"revisionDate":"2026-04-01T01:57:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6e90ac22-6e2d-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-0964","version":5,"revisionDate":"2026-04-14T01:41:19-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9ff60f08-a337-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-0964","version":6,"revisionDate":"2026-04-14T14:43:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"04951841-1038-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b731527c","releaseDate":"2026-03-31T01:01:44-07:00","cveNumber":"CVE-2026-0966","cveTitle":"Libssh: buffer underflow in ssh_get_hexa() on invalid input","releaseNumber":"2026-Mar","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T14:43:10-07:00","cweList":["CWE-124: Buffer Underwrite ('Buffer Underflow')"],"cweDetailsListForSearch":["cwe: CWE-124: Buffer Underwrite ('Buffer Underflow')","cweUrl: https://cwe.mitre.org/data/definitions/124.html"],"mitreText":"CVE-2026-0966","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-0966","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","vectorStringSource":"redhat","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-124: Buffer Underwrite ('Buffer Underflow')","https://cwe.mitre.org/data/definitions/124.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-0966","version":2,"revisionDate":"2026-03-31T15:03:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"772c5cd0-122d-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-0966","version":3,"revisionDate":"2026-04-01T01:57:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f820f921-6e2d-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-0966","version":4,"revisionDate":"2026-04-02T01:39:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1dcd97c8-342e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-0966","version":5,"revisionDate":"2026-04-14T01:41:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d6652404-a337-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-0966","version":1,"revisionDate":"2026-03-31T01:01:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a433dc2c-9d2c-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-0966","version":6,"revisionDate":"2026-04-14T14:43:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f8941841-1038-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b631527c","releaseDate":"2026-03-31T01:01:35-07:00","cveNumber":"CVE-2026-0967","cveTitle":"Libssh: libssh: denial of service via inefficient regular expression processing","releaseNumber":"2026-Mar","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T14:43:05-07:00","cweList":["CWE-1333: Inefficient Regular Expression Complexity"],"cweDetailsListForSearch":["cwe: CWE-1333: Inefficient Regular Expression Complexity","cweUrl: https://cwe.mitre.org/data/definitions/1333.html"],"mitreText":"CVE-2026-0967","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-0967","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"2.2","temporalScore":"2.2","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L","vectorStringSource":"redhat","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-1333: Inefficient Regular Expression Complexity","https://cwe.mitre.org/data/definitions/1333.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-0967","version":2,"revisionDate":"2026-03-31T15:03:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"957debbc-122d-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-0967","version":4,"revisionDate":"2026-04-02T01:39:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"16dd99c2-342e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-0967","version":5,"revisionDate":"2026-04-14T01:41:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"aab25ffc-a237-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-0967","version":1,"revisionDate":"2026-03-31T01:01:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1f927926-9d2c-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-0967","version":3,"revisionDate":"2026-04-01T01:57:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a872af1c-6e2d-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-0967","version":6,"revisionDate":"2026-04-14T14:43:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4f480c3a-1038-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b831527c","releaseDate":"2026-03-31T01:01:22-07:00","cveNumber":"CVE-2026-0965","cveTitle":"Libssh: libssh: denial of service via improper configuration file handling","releaseNumber":"2026-Mar","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T14:42:59-07:00","cweList":["CWE-73: External Control of File Name or Path"],"cweDetailsListForSearch":["cwe: CWE-73: External Control of File Name or Path","cweUrl: https://cwe.mitre.org/data/definitions/73.html"],"mitreText":"CVE-2026-0965","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-0965","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"3.3","temporalScore":"3.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","vectorStringSource":"redhat","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-73: External Control of File Name or Path","https://cwe.mitre.org/data/definitions/73.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-0965","version":1,"revisionDate":"2026-03-31T01:01:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b6369c25-9d2c-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-0965","version":4,"revisionDate":"2026-04-02T01:39:17-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cbdc99c2-342e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-0965","version":2,"revisionDate":"2026-03-31T15:02:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8e1760ab-122d-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-0965","version":3,"revisionDate":"2026-04-01T01:57:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e472b816-6e2d-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-0965","version":5,"revisionDate":"2026-04-14T01:40:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6ef386fd-a237-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-0965","version":6,"revisionDate":"2026-04-14T14:42:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3a480c3a-1038-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b5150e7d","releaseDate":"2026-03-29T01:03:13-07:00","cveNumber":"CVE-2026-33672","cveTitle":"Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching","releaseNumber":"2026-Mar","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-22T01:41:38-07:00","cweList":["CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')"],"cweDetailsListForSearch":["cwe: CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')","cweUrl: https://cwe.mitre.org/data/definitions/1321.html"],"mitreText":"CVE-2026-33672","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33672","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"5.3","temporalScore":"5.3","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')","https://cwe.mitre.org/data/definitions/1321.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-33672","version":2,"revisionDate":"2026-03-30T14:38:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"df91cc26-462c-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33672","version":4,"revisionDate":"2026-04-16T14:37:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f3d01ad5-a139-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33672","version":1,"revisionDate":"2026-03-29T01:03:13-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ec41f50e-0b2b-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-33672","version":3,"revisionDate":"2026-04-14T14:42:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"438f9e33-1038-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-33672","version":5,"revisionDate":"2026-04-22T01:41:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"69c1f364-ec3d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000086730465","releaseDate":"2026-03-29T01:03:00-07:00","cveNumber":"CVE-2026-33671","cveTitle":"Picomatch has a ReDoS vulnerability via extglob quantifiers","releaseNumber":"2026-Mar","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-16T14:37:41-07:00","cweList":["CWE-1333: Inefficient Regular Expression Complexity"],"cweDetailsListForSearch":["cwe: CWE-1333: Inefficient Regular Expression Complexity","cweUrl: https://cwe.mitre.org/data/definitions/1333.html"],"mitreText":"CVE-2026-33671","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33671","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-1333: Inefficient Regular Expression Complexity","https://cwe.mitre.org/data/definitions/1333.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-33671","version":2,"revisionDate":"2026-03-30T14:38:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bcfea620-462c-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33671","version":5,"revisionDate":"2026-04-16T14:37:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cf3829ce-a139-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33671","version":1,"revisionDate":"2026-03-29T01:03:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1cda3a02-0b2b-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-33671","version":3,"revisionDate":"2026-04-14T14:42:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a998552b-1038-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-33671","version":4,"revisionDate":"2026-04-15T01:38:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"91a6e2ce-6b38-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00004b4117d7","releaseDate":"2026-03-29T01:02:46-07:00","cveNumber":"CVE-2025-67030","releaseNumber":"2026-Mar","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-01T01:57:06-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2025-67030","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2025-67030","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"mitre","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"8.8","temporalScore":"8.8","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","vectorStringSource":"CISA ADP","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2025-67030","version":2,"revisionDate":"2026-03-30T14:38:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"da21af1a-462c-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2025-67030","version":3,"revisionDate":"2026-03-31T01:39:15-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"26f0ba6a-a22c-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2025-67030","version":4,"revisionDate":"2026-03-31T15:02:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"59a73691-122d-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2025-67030","version":5,"revisionDate":"2026-04-01T01:57:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"316b7712-6e2d-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2025-67030","version":1,"revisionDate":"2026-03-29T01:02:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"75f66ffb-0a2b-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00001c6528af","releaseDate":"2026-03-29T01:02:28-07:00","cveNumber":"CVE-2026-25645","cveTitle":"Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function","releaseNumber":"2026-Mar","vulnType":"Security Vulnerability","latestRevisionDate":"2026-03-31T15:01:09-07:00","cweList":["CWE-377: Insecure Temporary File"],"cweDetailsListForSearch":["cwe: CWE-377: Insecure Temporary File","cweUrl: https://cwe.mitre.org/data/definitions/377.html"],"mitreText":"CVE-2026-25645","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-25645","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.4","temporalScore":"4.4","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-377: Insecure Temporary File","https://cwe.mitre.org/data/definitions/377.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-25645","version":1,"revisionDate":"2026-03-29T01:02:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fd325bf1-0a2b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-25645","version":4,"revisionDate":"2026-03-31T15:01:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e7b77276-122d-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-25645","version":2,"revisionDate":"2026-03-30T14:38:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"297d3011-462c-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-25645","version":3,"revisionDate":"2026-03-31T01:38:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9e21de57-a22c-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000025e8ab07","releaseDate":"2026-03-29T01:02:20-07:00","cveNumber":"CVE-2026-33636","cveTitle":"LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64","releaseNumber":"2026-Mar","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-15T01:38:17-07:00","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"mitreText":"CVE-2026-33636","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33636","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.6","temporalScore":"7.6","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-33636","version":3,"revisionDate":"2026-03-31T01:39:01-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e0609764-a22c-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33636","version":4,"revisionDate":"2026-03-31T15:00:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"68ad4760-122d-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33636","version":5,"revisionDate":"2026-04-02T01:06:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f7dc892c-302e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33636","version":6,"revisionDate":"2026-04-15T01:38:17-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7ea598c7-6b38-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33636","version":1,"revisionDate":"2026-03-29T01:02:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c3e100ee-0a2b-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-33636","version":2,"revisionDate":"2026-03-30T14:38:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"85ab5c0a-462c-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000099aa1da3","releaseDate":"2026-03-29T01:02:12-07:00","cveNumber":"CVE-2026-33416","cveTitle":"LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`","releaseNumber":"2026-Mar","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-15T01:38:06-07:00","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"mitreText":"CVE-2026-33416","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33416","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-33416","version":1,"revisionDate":"2026-03-29T01:02:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a11508e7-0a2b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33416","version":2,"revisionDate":"2026-03-30T14:37:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c7b22306-462c-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33416","version":3,"revisionDate":"2026-03-31T01:38:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9371625e-a22c-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33416","version":4,"revisionDate":"2026-03-31T15:00:08-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"48e7874d-122d-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33416","version":5,"revisionDate":"2026-04-02T01:05:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"97b96618-302e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33416","version":6,"revisionDate":"2026-04-15T01:38:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4f81cec0-6b38-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000024163dc7","releaseDate":"2026-03-29T01:02:04-07:00","cveNumber":"CVE-2026-3591","cveTitle":"A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass","releaseNumber":"2026-Mar","vulnType":"Security Vulnerability","latestRevisionDate":"2026-03-31T14:59:36-07:00","cweList":["CWE-562: Return of Stack Variable Address"],"cweDetailsListForSearch":["cwe: CWE-562: Return of Stack Variable Address","cweUrl: https://cwe.mitre.org/data/definitions/562.html"],"mitreText":"CVE-2026-3591","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-3591","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"isc","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"5.4","temporalScore":"5.4","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","vectorStringSource":"isc","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-562: Return of Stack Variable Address","https://cwe.mitre.org/data/definitions/562.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-3591","version":2,"revisionDate":"2026-03-30T14:37:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bdb22306-462c-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-3591","version":3,"revisionDate":"2026-03-31T14:59:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2ea90a3b-122d-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-3591","version":1,"revisionDate":"2026-03-29T01:02:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"395e8fe5-0a2b-f111-93fa-000d3afbc7d7"}]}],"@odata.nextLink":"https://api.msrc.microsoft.com/sug/v2.0/sugodata/v2.0/en-US/vulnerability?$skip=500"}