{"@odata.context":"https://api.msrc.microsoft.com/sug/v2.0/sugodata/v2.0/en-US/$metadata#vulnerability","@odata.count":20852,"value":[{"id":"00000000-0000-0000-0000-00004a9b4f84","releaseDate":"2026-06-13T01:01:54-07:00","cveNumber":"CVE-2026-52858","cveTitle":"Vim: Arbitrary Code Execution via Python Omni-Completion","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-13T01:01:54-07:00","cweList":["CWE-94: Improper Control of Generation of Code ('Code Injection')"],"cweDetailsListForSearch":["cwe: CWE-94: Improper Control of Generation of Code ('Code Injection')","cweUrl: https://cwe.mitre.org/data/definitions/94.html"],"mitreText":"CVE-2026-52858","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-52858","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-94: Improper Control of Generation of Code ('Code Injection')","https://cwe.mitre.org/data/definitions/94.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-52858","version":1,"revisionDate":"2026-06-13T01:01:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"acc42a77-c366-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00005af0edfa","releaseDate":"2026-06-13T01:01:47-07:00","cveNumber":"CVE-2026-47162","cveTitle":"Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-13T01:01:47-07:00","cweList":["CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"],"cweDetailsListForSearch":["cwe: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')","cweUrl: https://cwe.mitre.org/data/definitions/74.html"],"mitreText":"CVE-2026-47162","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-47162","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')","https://cwe.mitre.org/data/definitions/74.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-47162","version":1,"revisionDate":"2026-06-13T01:01:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"456b2a71-c366-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000061373328","releaseDate":"2026-06-13T01:01:41-07:00","cveNumber":"CVE-2026-47167","cveTitle":"Vim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-13T01:01:41-07:00","cweList":["CWE-94: Improper Control of Generation of Code ('Code Injection')"],"cweDetailsListForSearch":["cwe: CWE-94: Improper Control of Generation of Code ('Code Injection')","cweUrl: https://cwe.mitre.org/data/definitions/94.html"],"mitreText":"CVE-2026-47167","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-47167","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-94: Improper Control of Generation of Code ('Code Injection')","https://cwe.mitre.org/data/definitions/94.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-47167","version":1,"revisionDate":"2026-06-13T01:01:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ca57e46a-c366-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000e50ff726","releaseDate":"2026-06-13T01:01:34-07:00","cveNumber":"CVE-2026-52859","cveTitle":"Vim: Out-of-bounds Read in Terminal Screen Snapshot","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-13T01:01:34-07:00","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"mitreText":"CVE-2026-52859","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-52859","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-52859","version":1,"revisionDate":"2026-06-13T01:01:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bc57e46a-c366-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000023408b99","releaseDate":"2026-06-13T01:01:27-07:00","cveNumber":"CVE-2026-52860","cveTitle":"Vim: Arbitrary Code Execution via Python Omni-Completion","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-13T01:01:27-07:00","cweList":["CWE-94: Improper Control of Generation of Code ('Code Injection')"],"cweDetailsListForSearch":["cwe: CWE-94: Improper Control of Generation of Code ('Code Injection')","cweUrl: https://cwe.mitre.org/data/definitions/94.html"],"mitreText":"CVE-2026-52860","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-52860","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-94: Improper Control of Generation of Code ('Code Injection')","https://cwe.mitre.org/data/definitions/94.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-52860","version":1,"revisionDate":"2026-06-13T01:01:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ac8e1e64-c366-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00002da2fa72","releaseDate":"2026-06-11T01:01:37-07:00","cveNumber":"CVE-2026-10846","cveTitle":"Insufficient verification that responses belong to a query","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-13T01:43:38-07:00","cweList":["CWE-346: Origin Validation Error"],"cweDetailsListForSearch":["cwe: CWE-346: Origin Validation Error","cweUrl: https://cwe.mitre.org/data/definitions/346.html"],"mitreText":"CVE-2026-10846","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10846","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"NLnet Labs","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-346: Origin Validation Error","https://cwe.mitre.org/data/definitions/346.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-10846","version":1,"revisionDate":"2026-06-11T01:01:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"18687e17-3165-f111-93fb-000d3afbc7d7"},{"cveNumber":"CVE-2026-10846","version":2,"revisionDate":"2026-06-13T01:43:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4f09c348-c966-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00007c7498fd","releaseDate":"2026-06-11T01:01:31-07:00","cveNumber":"CVE-2026-11822","cveTitle":"SQLite before 3.53.2 Memory Corruption in FTS5 Extension","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-13T01:43:31-07:00","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"mitreText":"CVE-2026-11822","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11822","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"VulnCheck","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.8","temporalScore":"7.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","vectorStringSource":"VulnCheck","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-11822","version":1,"revisionDate":"2026-06-11T01:01:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e0312410-3165-f111-93fb-000d3afbc7d7"},{"cveNumber":"CVE-2026-11822","version":2,"revisionDate":"2026-06-13T01:43:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4409c348-c966-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000468b49b8","releaseDate":"2026-06-11T01:01:25-07:00","cveNumber":"CVE-2026-11824","cveTitle":"SQLite before 3.53.2 Heap Buffer Overflow via FTS5 fts5ChunkIterate","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-13T01:43:24-07:00","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"mitreText":"CVE-2026-11824","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11824","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"VulnCheck","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.8","temporalScore":"7.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","vectorStringSource":"VulnCheck","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-11824","version":1,"revisionDate":"2026-06-11T01:01:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d7312410-3165-f111-93fb-000d3afbc7d7"},{"cveNumber":"CVE-2026-11824","version":2,"revisionDate":"2026-06-13T01:43:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d9df5442-c966-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a16c0206","releaseDate":"2026-06-09T07:00:59-07:00","cveNumber":"CVE-2026-10934","cveTitle":"Chromium: CVE-2026-10934 Use after free in Autofill","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:59-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10934","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10934","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10934","version":1,"revisionDate":"2026-06-09T07:00:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d5696016-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00000cb8aaa6","releaseDate":"2026-06-09T07:00:57-07:00","cveNumber":"CVE-2026-11145","cveTitle":"Chromium: CVE-2026-11145 Race in Geolocation","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:57-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11145","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11145","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11145","version":1,"revisionDate":"2026-06-09T07:00:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d91cdba0-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00009a6c0206","releaseDate":"2026-06-09T07:00:57-07:00","cveNumber":"CVE-2026-10984","cveTitle":"Chromium: CVE-2026-10984 Inappropriate implementation in Accessibility","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:57-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10984","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10984","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10984","version":1,"revisionDate":"2026-06-09T07:00:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bcd46234-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000008c0409e","releaseDate":"2026-06-09T07:00:54-07:00","cveNumber":"CVE-2026-11035","cveTitle":"Chromium: CVE-2026-11035 Insufficient validation of untrusted input in Custom Tabs","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:54-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11035","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11035","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11035","version":1,"revisionDate":"2026-06-09T07:00:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"32646258-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00006d4b99fb","releaseDate":"2026-06-09T07:00:53-07:00","cveNumber":"CVE-2026-11034","cveTitle":"Chromium: CVE-2026-11034 Insufficient validation of untrusted input in Tab Group Sync","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:53-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11034","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11034","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11034","version":1,"revisionDate":"2026-06-09T07:00:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1f646258-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00009925bdd8","releaseDate":"2026-06-09T07:00:53-07:00","cveNumber":"CVE-2026-10929","cveTitle":"Chromium: CVE-2026-10929 Heap buffer overflow in ANGLE","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:53-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10929","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10929","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10929","version":1,"revisionDate":"2026-06-09T07:00:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4aa76510-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000479963f4","releaseDate":"2026-06-09T07:00:50-07:00","cveNumber":"CVE-2026-11247","cveTitle":"Chromium: CVE-2026-11247 Insufficient policy enforcement in CustomTabs","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:50-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11247","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11247","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11247","version":1,"revisionDate":"2026-06-09T07:00:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7ec202e9-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00009e34e840","releaseDate":"2026-06-09T07:00:48-07:00","cveNumber":"CVE-2026-11082","cveTitle":"Chromium: CVE-2026-11082 Use after free in GPU","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:48-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11082","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11082","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11082","version":1,"revisionDate":"2026-06-09T07:00:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"893fcd7c-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00004d371a3e","releaseDate":"2026-06-09T07:00:47-07:00","cveNumber":"CVE-2026-11029","cveTitle":"Chromium: CVE-2026-11029 Insufficient validation of untrusted input in Drag and Drop","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:47-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11029","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11029","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11029","version":1,"revisionDate":"2026-06-09T07:00:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cc636258-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00003be1a9a8","releaseDate":"2026-06-09T07:00:46-07:00","cveNumber":"CVE-2026-10923","cveTitle":"Chromium: CVE-2026-10923 Use after free in WebAppInstalls","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:46-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10923","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10923","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10923","version":1,"revisionDate":"2026-06-09T07:00:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e6a66510-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000e7a32be9","releaseDate":"2026-06-09T07:00:46-07:00","cveNumber":"CVE-2026-11188","cveTitle":"Chromium: CVE-2026-11188 Use after free in USB","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:46-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11188","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11188","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11188","version":1,"revisionDate":"2026-06-09T07:00:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ca0be7be-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d41d3786","releaseDate":"2026-06-09T07:00:46-07:00","cveNumber":"CVE-2026-11080","cveTitle":"Chromium: CVE-2026-11080 Use after free in WebView","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:46-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11080","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11080","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11080","version":1,"revisionDate":"2026-06-09T07:00:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e855cb76-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000429963f4","releaseDate":"2026-06-09T07:00:44-07:00","cveNumber":"CVE-2026-11297","cveTitle":"Chromium: CVE-2026-11297 Insufficient validation of untrusted input in Reader Mode","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:44-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11297","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11297","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11297","version":1,"revisionDate":"2026-06-09T07:00:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b0a21a07-8460-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000ced6f158","releaseDate":"2026-06-09T07:00:42-07:00","cveNumber":"CVE-2026-11077","cveTitle":"Chromium: CVE-2026-11077 Out of bounds read in Dawn","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:42-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11077","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11077","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11077","version":1,"revisionDate":"2026-06-09T07:00:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b955cb76-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00000cb014af","releaseDate":"2026-06-09T07:00:42-07:00","cveNumber":"CVE-2026-11295","cveTitle":"Chromium: CVE-2026-11295 Inappropriate implementation in WebView","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:42-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11295","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11295","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11295","version":1,"revisionDate":"2026-06-09T07:00:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"90a21a07-8460-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000798a4831","releaseDate":"2026-06-09T07:00:41-07:00","cveNumber":"CVE-2026-11131","cveTitle":"Chromium: CVE-2026-11131 Use after free in Autofill","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:41-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11131","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11131","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11131","version":1,"revisionDate":"2026-06-09T07:00:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"31bce29a-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000cb0e0c1e","releaseDate":"2026-06-09T07:00:38-07:00","cveNumber":"CVE-2026-10967","cveTitle":"Chromium: CVE-2026-10967 Use after free in SurfaceCapture","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:38-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10967","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10967","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10967","version":1,"revisionDate":"2026-06-09T07:00:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d59b522e-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00009f34e840","releaseDate":"2026-06-09T07:00:37-07:00","cveNumber":"CVE-2026-11072","cveTitle":"Chromium: CVE-2026-11072 Use after free in WebView","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:37-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11072","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11072","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11072","version":1,"revisionDate":"2026-06-09T07:00:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2994b170-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00007882b239","releaseDate":"2026-06-09T07:00:37-07:00","cveNumber":"CVE-2026-11291","cveTitle":"Chromium: CVE-2026-11291 Policy bypass in Android Autofill","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:37-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11291","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11291","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11291","version":1,"revisionDate":"2026-06-09T07:00:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1f7e1d01-8460-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000dd0d0b97","releaseDate":"2026-06-09T07:00:36-07:00","cveNumber":"CVE-2026-11290","cveTitle":"Chromium: CVE-2026-11290 Integer overflow in WebView","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:36-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11290","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11290","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11290","version":1,"revisionDate":"2026-06-09T07:00:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"107e1d01-8460-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d8ce5b61","releaseDate":"2026-06-09T07:00:36-07:00","cveNumber":"CVE-2026-11127","cveTitle":"Chromium: CVE-2026-11127 Inappropriate implementation in WebAPKs","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:36-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11127","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11127","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11127","version":1,"revisionDate":"2026-06-09T07:00:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"26fce794-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00004e371a3e","releaseDate":"2026-06-09T07:00:36-07:00","cveNumber":"CVE-2026-11019","cveTitle":"Chromium: CVE-2026-11019 Inappropriate implementation in Payments","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:36-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11019","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11019","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11019","version":1,"revisionDate":"2026-06-09T07:00:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"90905e4c-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000e8a32be9","releaseDate":"2026-06-09T07:00:35-07:00","cveNumber":"CVE-2026-11178","cveTitle":"Chromium: CVE-2026-11178 Policy bypass in WebView","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:35-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11178","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11178","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11178","version":1,"revisionDate":"2026-06-09T07:00:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a085e7b8-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000439963f4","releaseDate":"2026-06-09T07:00:33-07:00","cveNumber":"CVE-2026-11287","cveTitle":"Chromium: CVE-2026-11287 Insufficient validation of untrusted input in Navigation","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:33-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11287","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11287","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11287","version":1,"revisionDate":"2026-06-09T07:00:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e27d1d01-8460-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000009b8aaa6","releaseDate":"2026-06-09T07:00:32-07:00","cveNumber":"CVE-2026-11175","cveTitle":"Chromium: CVE-2026-11175 Incorrect security UI in Messages","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:32-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11175","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11175","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11175","version":1,"revisionDate":"2026-06-09T07:00:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7085e7b8-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00009825bdd8","releaseDate":"2026-06-09T07:00:30-07:00","cveNumber":"CVE-2026-10959","cveTitle":"Chromium: CVE-2026-10959 Use after free in Input","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:30-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10959","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10959","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10959","version":1,"revisionDate":"2026-06-09T07:00:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"82ed4b28-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000da15a18e","releaseDate":"2026-06-09T07:00:29-07:00","cveNumber":"CVE-2026-11172","cveTitle":"Chromium: CVE-2026-11172 Incorrect security UI in Contact Picker","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:29-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11172","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11172","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11172","version":1,"revisionDate":"2026-06-09T07:00:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bc28efb2-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000005c0409e","releaseDate":"2026-06-09T07:00:29-07:00","cveNumber":"CVE-2026-11065","cveTitle":"Chromium: CVE-2026-11065 Use after free in ANGLE","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:29-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11065","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11065","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11065","version":1,"revisionDate":"2026-06-09T07:00:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bd93b170-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00006a4b99fb","releaseDate":"2026-06-09T07:00:28-07:00","cveNumber":"CVE-2026-11064","cveTitle":"Chromium: CVE-2026-11064 Uninitialized Use in GPU","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:28-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11064","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11064","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11064","version":1,"revisionDate":"2026-06-09T07:00:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ae93b170-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000ae24bc51","releaseDate":"2026-06-09T07:00:28-07:00","cveNumber":"CVE-2026-11226","cveTitle":"Chromium: CVE-2026-11226 Insufficient policy enforcement in PreviewTab","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:28-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11226","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11226","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11226","version":1,"revisionDate":"2026-06-09T07:00:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4154ecd6-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000532f8446","releaseDate":"2026-06-09T07:00:28-07:00","cveNumber":"CVE-2026-11119","cveTitle":"Chromium: CVE-2026-11119 Insufficient validation of untrusted input in GPU","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:28-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11119","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11119","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11119","version":1,"revisionDate":"2026-06-09T07:00:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"30d5ea8e-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000a534e840","releaseDate":"2026-06-09T07:00:28-07:00","cveNumber":"CVE-2026-11012","cveTitle":"Chromium: CVE-2026-11012 Use after free in Serial","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:28-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11012","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11012","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11012","version":1,"revisionDate":"2026-06-09T07:00:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"20905e4c-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000db1d3786","releaseDate":"2026-06-09T07:00:25-07:00","cveNumber":"CVE-2026-11010","cveTitle":"Chromium: CVE-2026-11010 Use after free in WebShare","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:25-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11010","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11010","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11010","version":1,"revisionDate":"2026-06-09T07:00:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d32f6646-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000b7b246ac","releaseDate":"2026-06-09T07:00:24-07:00","cveNumber":"CVE-2026-11278","cveTitle":"Chromium: CVE-2026-11278 Inappropriate implementation in CustomTabs","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:24-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11278","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11278","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11278","version":1,"revisionDate":"2026-06-09T07:00:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9a931bfb-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d4ce5b61","releaseDate":"2026-06-09T07:00:23-07:00","cveNumber":"CVE-2026-11167","cveTitle":"Chromium: CVE-2026-11167 Inappropriate implementation in WebView","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:23-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11167","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11167","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11167","version":1,"revisionDate":"2026-06-09T07:00:23-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6a28efb2-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d5d6f158","releaseDate":"2026-06-09T07:00:22-07:00","cveNumber":"CVE-2026-11007","cveTitle":"Chromium: CVE-2026-11007 Insufficient validation of untrusted input in WebView","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:22-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11007","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11007","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11007","version":1,"revisionDate":"2026-06-09T07:00:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a22f6646-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00003ae1a9a8","releaseDate":"2026-06-09T07:00:22-07:00","cveNumber":"CVE-2026-10953","cveTitle":"Chromium: CVE-2026-10953 Use after free in Core","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:22-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10953","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10953","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10953","version":1,"revisionDate":"2026-06-09T07:00:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f08c5322-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000040a1f9eb","releaseDate":"2026-06-09T07:00:18-07:00","cveNumber":"CVE-2026-11163","cveTitle":"Chromium: CVE-2026-11163 Use after free in Messages","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:18-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11163","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11163","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11163","version":1,"revisionDate":"2026-06-09T07:00:18-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7da1efac-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000df0d0b97","releaseDate":"2026-06-09T07:00:16-07:00","cveNumber":"CVE-2026-11270","cveTitle":"Chromium: CVE-2026-11270 Inappropriate implementation in UI","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:16-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11270","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11270","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11270","version":1,"revisionDate":"2026-06-09T07:00:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"680c1cf5-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000014b014af","releaseDate":"2026-06-09T07:00:16-07:00","cveNumber":"CVE-2026-11215","cveTitle":"Chromium: CVE-2026-11215 Inappropriate implementation in Cronet","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:16-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11215","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11215","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11215","version":1,"revisionDate":"2026-06-09T07:00:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"882eefd0-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000efa32be9","releaseDate":"2026-06-09T07:00:16-07:00","cveNumber":"CVE-2026-11108","cveTitle":"Chromium: CVE-2026-11108 Inappropriate implementation in NFC","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:16-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11108","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11108","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11108","version":1,"revisionDate":"2026-06-09T07:00:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4ab0ed88-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000967498fd","releaseDate":"2026-06-09T07:00:11-07:00","cveNumber":"CVE-2026-10892","cveTitle":"Chromium: CVE-2026-10892 Out of bounds write in GPU","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:11-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10892","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10892","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10892","version":1,"revisionDate":"2026-06-09T07:00:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"96ff5df8-8260-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000b16b017f","releaseDate":"2026-06-09T07:00:08-07:00","cveNumber":"CVE-2026-11263","cveTitle":"Chromium: CVE-2026-11263 Insufficient policy enforcement in WebAuthentication","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:08-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11263","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11263","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11263","version":1,"revisionDate":"2026-06-09T07:00:08-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5e23fbee-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000007c0409e","releaseDate":"2026-06-09T07:00:05-07:00","cveNumber":"CVE-2026-11045","cveTitle":"Chromium: CVE-2026-11045 Insufficient validation of untrusted input in GPU","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:05-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11045","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11045","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11045","version":1,"revisionDate":"2026-06-09T07:00:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f34d835e-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000ccd6f158","releaseDate":"2026-06-09T07:00:04-07:00","cveNumber":"CVE-2026-11097","cveTitle":"Chromium: CVE-2026-11097 Inappropriate implementation in WebView","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:04-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11097","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11097","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11097","version":1,"revisionDate":"2026-06-09T07:00:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c350d682-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000030e93fa0","releaseDate":"2026-06-09T07:00:01-07:00","cveNumber":"CVE-2026-10883","cveTitle":"Chromium: CVE-2026-10883 Out of bounds write in ANGLE","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:01-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10883","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10883","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10883","version":1,"revisionDate":"2026-06-09T07:00:01-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c03c63f2-8260-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000eba32be9","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-11148","cveTitle":"Chromium: CVE-2026-11148 Inappropriate implementation in Payments","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11148","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11148","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5306/09/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11148","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5b2de4a6-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00001c8d4466","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-50511","cveTitle":"Microsoft PC Manager Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-59: Improper Link Resolution Before File Access ('Link Following')"],"cweDetailsListForSearch":["cwe: CWE-59: Improper Link Resolution Before File Access ('Link Following')","cweUrl: https://cwe.mitre.org/data/definitions/59.html"],"unformattedDescription":"Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-50511","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-50511","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft PC Manager","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-59: Improper Link Resolution Before File Access ('Link Following')","https://cwe.mitre.org/data/definitions/59.html"]}],"articles":[{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited the vulnerability?

\n

The attacker would gain the rights of the user that is running the affected application.

\n","ordinal":10000},{"title":"Microsoft PC Manager Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-50511","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a3e43733-8063-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000081189dc3","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-50512","cveTitle":"Microsoft PC Manager Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-306: Missing Authentication for Critical Function"],"cweDetailsListForSearch":["cwe: CWE-306: Missing Authentication for Critical Function","cweUrl: https://cwe.mitre.org/data/definitions/306.html"],"unformattedDescription":"Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-50512","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-50512","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft PC Manager","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-306: Missing Authentication for Critical Function","https://cwe.mitre.org/data/definitions/306.html"]}],"articles":[{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited the vulnerability?

\n

The attacker would gain the rights of the user that is running the affected application.

\n","ordinal":10000},{"title":"Microsoft PC Manager Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Missing authentication for critical function in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-50512","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a021e758-8063-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000ea1afe28","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-44804","cveTitle":"Windows DWM Core Library Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-44804","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-44804","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows DWM Core Library","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows DWM Core Library Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-44804","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"39da9c70-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000aeea69b6","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-44813","cveTitle":"Windows DWM Core Library Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-44813","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-44813","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows DWM Core Library","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"title":"Windows DWM Core Library Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-44813","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4ea7a46a-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-000063a5455a","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42993","cveTitle":"Remote Desktop Client Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-42993","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42993","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Remote Desktop Client","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Remote Desktop Client Remote Code Execution Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42993","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"74a6a46a-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000495f1159","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-44812","cveTitle":"Windows Graphics Component Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-190: Integer Overflow or Wraparound"],"cweDetailsListForSearch":["cwe: CWE-190: Integer Overflow or Wraparound","cweUrl: https://cwe.mitre.org/data/definitions/190.html"],"unformattedDescription":"Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-44812","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-44812","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Win32K - GRFX","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-190: Integer Overflow or Wraparound","https://cwe.mitre.org/data/definitions/190.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

Successful exploitation of this vulnerability requires the user to view a specially crafted file in the Windows File Explorer Preview Pane or open said file.

\n","ordinal":10000},{"title":"Windows Win32K - GRFX Remote Code Execution Vulnerability","articleType":"100000000","description":"

Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Word, PowerPoint and Excel for Android currently available?

\n

The security update for Microsoft Word for Android, Microsoft PowerPoint for Android and Microsoft Excel for Android are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-44812","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"adecaa64-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000adea69b6","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-44803","cveTitle":"Windows Graphics Component Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-190: Integer Overflow or Wraparound"],"cweDetailsListForSearch":["cwe: CWE-190: Integer Overflow or Wraparound","cweUrl: https://cwe.mitre.org/data/definitions/190.html"],"unformattedDescription":"Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-44803","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-44803","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Win32K - GRFX","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-190: Integer Overflow or Wraparound","https://cwe.mitre.org/data/definitions/190.html"]}],"articles":[{"title":"Windows Win32K - GRFX Remote Code Execution Vulnerability","articleType":"100000000","description":"

Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

Successful exploitation of this vulnerability requires the user to view a specially crafted file in the Windows File Explorer Preview Pane or open said file.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Word, PowerPoint and Excel for Android currently available?

\n

The security update for Microsoft Word for Android, Microsoft PowerPoint for Android and Microsoft Excel for Android are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-44803","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"08ecaa64-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000ce77e3e4","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42987","cveTitle":"Windows Deployment Services (WDS) Remote Code Execution","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-42987","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42987","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Deployment Services","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.1","temporalScore":"7.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Deployment Services Remote Code Execution Vulnerability","articleType":"100000000","description":"

Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An attacker could send specially crafted network requests to a Windows Server system that has the Windows Deployment Services (WDS) role enabled and is listening for TFTP traffic. By triggering an error in how the server handles simultaneous requests, an unauthenticated remote attacker could cause the service to use invalid memory, which could allow the attacker to run code on the affected server.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42987","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"55ebaa64-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-00000461322a","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42985","cveTitle":"Remote Desktop Client Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-42985","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42985","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Remote Desktop Client","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.

\n","ordinal":10000},{"title":"Remote Desktop Client Remote Code Execution Vulnerability","articleType":"100000000","description":"

Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42985","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7e31b15e-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000e3d3b8fb","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-44801","cveTitle":"Remote Desktop Client Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-44801","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-44801","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Remote Desktop Client","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.

\n","ordinal":10000},{"title":"Remote Desktop Client Remote Code Execution Vulnerability","articleType":"100000000","description":"

Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-44801","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"db30b15e-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000eb1afe28","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-44814","cveTitle":"Windows DWM Core Library Information Disclosure Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

\n","cweList":["CWE-125: Out-of-bounds Read","CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html","cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-44814","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-44814","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows DWM Core Library","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.

\n","ordinal":10000},{"title":"Windows DWM Core Library Information Disclosure Vulnerability","articleType":"100000000","description":"

Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-44814","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0772bb52-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000485f1159","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-44802","cveTitle":"Windows DWM Core Library Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-44802","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-44802","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows DWM Core Library","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"title":"Windows DWM Core Library Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-44802","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9c71bb52-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-000062a5455a","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42983","cveTitle":"Windows DWM Core Library Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-42983","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42983","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows DWM Core Library","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows DWM Core Library Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42983","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4571bb52-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-000050a65686","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-44815","cveTitle":"DHCP Client Service Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.

\n","cweList":["CWE-121: Stack-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-121: Stack-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/121.html"],"unformattedDescription":"Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-44815","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-44815","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows DHCP Client","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"9.8","temporalScore":"8.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-121: Stack-based Buffer Overflow","https://cwe.mitre.org/data/definitions/121.html"]}],"articles":[{"title":"DHCP Client","articleType":"Mitigation","description":"

What can customers do to mitigate this vulnerability?

\n

Customers can reduce exposure by keeping the DHCP Client service enabled while avoiding use of the DhcpGetOriginalSubnetMask API. In this scenario, a malicious DHCP server may provide crafted data, but the data is not used unless that API is called.

\n

To help reduce exposure, customers can:

\n
    \n
  1. Keep the DHCP Client service enabled so systems can continue to obtain network configuration normally.
    2. \n
  2. Review applications or components that call the DhcpGetOriginalSubnetMask API.
    3. \n
  3. Update or reconfigure those applications to avoid calling the API where possible.
    4. \n
  4. Follow vendor or product guidance for any updates that address this behavior.
    5. \n
\n","ordinal":10000},{"title":"Windows DHCP Client Remote Code Execution Vulnerability","articleType":"100000000","description":"

Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An attacker can exploit this by setting up a Dynamic Host Configuration Protocol (DHCP) Server on the network and responding to a request of information from DHCP client

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-44815","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"81f3c04c-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-00004d034ce7","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-44799","cveTitle":"Remote Desktop Client Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-44799","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-44799","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Remote Desktop Client","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

\n","ordinal":10000},{"title":"Remote Desktop Client Remote Code Execution Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-44799","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"eef2c04c-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-000019bd0741","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-44807","cveTitle":"Windows DWM Core Library Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-44807","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-44807","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows DWM Core Library","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows DWM Core Library Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-44807","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bebfc846-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000a6a32489","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-44808","cveTitle":"Windows DWM Core Library Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-122: Heap-based Buffer Overflow","CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html","cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"unformattedDescription":"Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-44808","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-44808","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows DWM Core Library","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"title":"Windows DWM Core Library Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-44808","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1bbfc846-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000e4d3b8fb","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-44811","cveTitle":"Windows DWM Core Library Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-122: Heap-based Buffer Overflow","CWE-20: Improper Input Validation"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html","cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html"],"unformattedDescription":"Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-44811","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-44811","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows DWM Core Library","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]}],"articles":[{"title":"Windows DWM Core Library Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-44811","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"82bec846-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-00004fa65686","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-44805","cveTitle":"Windows Network Controller (NC) Host Agent Denial of Service Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally.

\n","cweList":["CWE-416: Use After Free","CWE-822: Untrusted Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html","cwe: CWE-822: Untrusted Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/822.html"],"unformattedDescription":"Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally.","mitreText":"CVE-2026-44805","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-44805","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Network Controller (NC) Host Agent","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000001,"impact":"Denial of Service","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-822: Untrusted Pointer Dereference","https://cwe.mitre.org/data/definitions/822.html"]}],"articles":[{"title":"Windows Network Controller (NC) Host Agent Denial of Service Vulnerability","articleType":"100000000","description":"

Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-44805","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3c04cf40-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000c8309eb7","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42992","cveTitle":"Remote Desktop Client Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-42992","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42992","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Remote Desktop Client","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.

\n","ordinal":10000},{"title":"Remote Desktop Client Remote Code Execution Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42992","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2f5fcb3a-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-00007f48609e","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-44810","cveTitle":"Microsoft Cryptographic Services Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally.

\n","cweList":["CWE-287: Improper Authentication"],"cweDetailsListForSearch":["cwe: CWE-287: Improper Authentication","cweUrl: https://cwe.mitre.org/data/definitions/287.html"],"unformattedDescription":"Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally.","mitreText":"CVE-2026-44810","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-44810","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Cryptographic Services","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"8.4","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-287: Improper Authentication","https://cwe.mitre.org/data/definitions/287.html"]}],"articles":[{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

\n

Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"title":"Windows Cryptographic Services Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-44810","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a25ecb3a-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-00000b2f7de6","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-44809","cveTitle":"Windows Common Log File System Driver Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-44809","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-44809","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Common Log File System Driver","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Common Log File System Driver Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-44809","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"175ecb3a-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000c0e9588a","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42989","cveTitle":"Winlogon Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-59: Improper Link Resolution Before File Access ('Link Following')"],"cweDetailsListForSearch":["cwe: CWE-59: Improper Link Resolution Before File Access ('Link Following')","cweUrl: https://cwe.mitre.org/data/definitions/59.html"],"unformattedDescription":"Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-42989","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42989","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Winlogon","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-59: Improper Link Resolution Before File Access ('Link Following')","https://cwe.mitre.org/data/definitions/59.html"]}],"articles":[{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"title":"Winlogon Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42989","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ca2ad334-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000998e949f","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42991","cveTitle":"Windows Push Notifications Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-42991","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42991","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Push Notifications","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Push Notifications Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

This vulnerability could lead to a contained execution environment escape. Please refer to AppContainer Isolation for more information.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42991","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"492ad334-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000c7e9588a","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42979","cveTitle":"Windows Push Notifications Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-42979","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42979","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Push Notifications","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Push Notifications Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

This vulnerability could lead to a contained execution environment escape. Please refer to AppContainer Isolation for more information.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42979","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"da29d334-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d577e3e4","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42977","cveTitle":"Windows Push Notifications Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-42977","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42977","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Push Notifications","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"title":"Windows Push Notifications Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

This vulnerability could lead to a contained execution environment escape. Please refer to AppContainer Isolation for more information.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42977","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6c32da2e-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-00002c75b1e7","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42978","cveTitle":"Windows Push Notifications Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-42978","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42978","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Push Notifications","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Push Notifications Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

This vulnerability could lead to a contained execution environment escape. Please refer to AppContainer Isolation for more information.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42978","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2632da2e-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-000033033c42","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42986","cveTitle":"Microsoft Graphics Component Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-42986","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42986","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Graphics Component","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Microsoft Graphics Component Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42986","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b805d528-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-000070ec8a87","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42974","cveTitle":"Windows Performance Monitor Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.

\n","cweList":["CWE-190: Integer Overflow or Wraparound"],"cweDetailsListForSearch":["cwe: CWE-190: Integer Overflow or Wraparound","cweUrl: https://cwe.mitre.org/data/definitions/190.html"],"unformattedDescription":"Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-42974","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42974","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Performance Monitor","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.1","temporalScore":"7.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-190: Integer Overflow or Wraparound","https://cwe.mitre.org/data/definitions/190.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

\n","ordinal":10000},{"title":"Windows Performance Monitor Remote Code Execution Vulnerability","articleType":"100000000","description":"

Integer overflow or wraparound in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42974","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6905d528-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000988e949f","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42981","cveTitle":"Windows Performance Monitor Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.

\n","cweList":["CWE-191: Integer Underflow (Wrap or Wraparound)"],"cweDetailsListForSearch":["cwe: CWE-191: Integer Underflow (Wrap or Wraparound)","cweUrl: https://cwe.mitre.org/data/definitions/191.html"],"unformattedDescription":"Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-42981","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42981","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Performance Monitor","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.1","temporalScore":"7.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-191: Integer Underflow (Wrap or Wraparound)","https://cwe.mitre.org/data/definitions/191.html"]}],"articles":[{"title":"Windows Performance Monitor Remote Code Execution Vulnerability","articleType":"100000000","description":"

Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42981","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c94bdb22-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-000069ec8a87","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42984","cveTitle":"Windows Kernel Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-42984","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42984","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Kernel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Kernel Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42984","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7c4bdb22-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-000069a5455a","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42973","cveTitle":"Windows Push Notification Information Disclosure Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

\n","cweList":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"],"cweDetailsListForSearch":["cwe: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweUrl: https://cwe.mitre.org/data/definitions/200.html"],"unformattedDescription":"Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-42973","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42973","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Push Notifications","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","https://cwe.mitre.org/data/definitions/200.html"]}],"articles":[{"title":"Windows Push Notifications Information Disclosure Vulnerability","articleType":"100000000","description":"

Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42973","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"374bdb22-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000041aedfc","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42970","cveTitle":"Windows Push Notification Information Disclosure Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

\n","cweList":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"],"cweDetailsListForSearch":["cwe: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweUrl: https://cwe.mitre.org/data/definitions/200.html"],"unformattedDescription":"Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-42970","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42970","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Push Notifications","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","https://cwe.mitre.org/data/definitions/200.html"]}],"articles":[{"title":"Windows Push Notifications Information Disclosure Vulnerability","articleType":"100000000","description":"

Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42970","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ef4adb22-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-00009f8e949f","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42971","cveTitle":"Windows Push Notification Information Disclosure Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

\n","cweList":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"],"cweDetailsListForSearch":["cwe: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweUrl: https://cwe.mitre.org/data/definitions/200.html"],"unformattedDescription":"Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-42971","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42971","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Push Notifications","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","https://cwe.mitre.org/data/definitions/200.html"]}],"articles":[{"title":"Windows Push Notifications Information Disclosure Vulnerability","articleType":"100000000","description":"

Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42971","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ba18e31c-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000c6e9588a","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42969","cveTitle":"Windows Push Notification Information Disclosure Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

\n","cweList":["CWE-908: Use of Uninitialized Resource"],"cweDetailsListForSearch":["cwe: CWE-908: Use of Uninitialized Resource","cweUrl: https://cwe.mitre.org/data/definitions/908.html"],"unformattedDescription":"Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-42969","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42969","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Push Notifications","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-908: Use of Uninitialized Resource","https://cwe.mitre.org/data/definitions/908.html"]}],"articles":[{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

\n","ordinal":10000},{"title":"Windows Push Notifications Information Disclosure Vulnerability","articleType":"100000000","description":"

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42969","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5f18e31c-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000ce309eb7","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42972","cveTitle":"Windows Hyper-V Information Disclosure Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally.

\n","cweList":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"],"cweDetailsListForSearch":["cwe: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweUrl: https://cwe.mitre.org/data/definitions/200.html"],"unformattedDescription":"Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-42972","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42972","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Role: Windows Hyper-V","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","https://cwe.mitre.org/data/definitions/200.html"]}],"articles":[{"title":"Windows Hyper-V Information Disclosure Vulnerability","articleType":"100000000","description":"

Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is\tKernel memory read - unintentional read access to memory contents in kernel space from a user mode process.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42972","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0e18e31c-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-00002b75b1e7","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42968","cveTitle":"Windows Telephony Server Information Disclosure Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.

\n","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"unformattedDescription":"Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-42968","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42968","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Telephony Service","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"title":"Windows Telephony Service Information Disclosure Vulnerability","articleType":"100000000","description":"

Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the local memory address.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42968","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"abecdd16-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-00000d61322a","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42915","cveTitle":"Windows TCP/IP Denial of Service Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Incorrect calculation of buffer size in Windows TCP/IP allows an authorized attacker to deny service over an adjacent network.

\n","cweList":["CWE-131: Incorrect Calculation of Buffer Size"],"cweDetailsListForSearch":["cwe: CWE-131: Incorrect Calculation of Buffer Size","cweUrl: https://cwe.mitre.org/data/definitions/131.html"],"unformattedDescription":"Incorrect calculation of buffer size in Windows TCP/IP allows an authorized attacker to deny service over an adjacent network.","mitreText":"CVE-2026-42915","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42915","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows TCP/IP","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000001,"impact":"Denial of Service","langCode":"en-US","baseScore":"5.7","temporalScore":"5.0","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-131: Incorrect Calculation of Buffer Size","https://cwe.mitre.org/data/definitions/131.html"]}],"articles":[{"title":"Windows TCP/IP Denial of Service Vulnerability","articleType":"100000000","description":"

Incorrect calculation of buffer size in Windows TCP/IP allows an authorized attacker to deny service over an adjacent network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?

\n

An authenticated attacker could exploit this vulnerability with LAN access.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42915","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"37ecdd16-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-000072ec8a87","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42914","cveTitle":"Windows Kerberos Denial of Service Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"mitreText":"CVE-2026-42914","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42914","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Kerberos","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000001,"impact":"Denial of Service","langCode":"en-US","baseScore":"5.3","temporalScore":"4.6","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"title":"Windows Kerberos Denial of Service Vulnerability","articleType":"100000000","description":"

Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does this mean for this vulnerability?

\n

An attacker would need specific conditions to be in place (i.e. particular protocol settings, or configurations, etc.) before an attack could succeed, which reduces the likelihood of widespread or opportunistic exploitation.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42914","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e1ebdd16-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d0309eb7","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42912","cveTitle":"Windows Telephony Service Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-42912","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42912","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Telephony Service","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"title":"Windows Telephony Service Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42912","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6cebdd16-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-00006ba5455a","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42913","cveTitle":"Remote Desktop Client Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-42913","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42913","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Remote Desktop Client","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"title":"Remote Desktop Client Remote Code Execution Vulnerability","articleType":"100000000","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

\n","ordinal":10000},{"title":"Remote Desktop Client Remote Code Execution Vulnerability","articleType":"100000000","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42913","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"965bd010-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000a18e949f","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42911","cveTitle":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-42911","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42911","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Ancillary Function Driver for WinSock","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42911","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"145bd010-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-00003c033c42","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42916","cveTitle":"NT OS Kernel Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-190: Integer Overflow or Wraparound"],"cweDetailsListForSearch":["cwe: CWE-190: Integer Overflow or Wraparound","cweUrl: https://cwe.mitre.org/data/definitions/190.html"],"unformattedDescription":"Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-42916","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42916","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows NT OS Kernel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-190: Integer Overflow or Wraparound","https://cwe.mitre.org/data/definitions/190.html"]}],"articles":[{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"title":"Windows NT OS Kernel Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Integer overflow or wraparound in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42916","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9e5ad010-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000c8e9588a","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42909","cveTitle":"Remote Desktop Client Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-42909","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42909","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Remote Desktop Client","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"title":"Remote Desktop Client Remote Code Execution Vulnerability","articleType":"100000000","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42909","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"66ddd50a-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000fd19edfc","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42980","cveTitle":"NT OS Kernel Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-191: Integer Underflow (Wrap or Wraparound)","CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-191: Integer Underflow (Wrap or Wraparound)","cweUrl: https://cwe.mitre.org/data/definitions/191.html","cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-42980","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42980","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows NT OS Kernel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-191: Integer Underflow (Wrap or Wraparound)","https://cwe.mitre.org/data/definitions/191.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Windows NT OS Kernel Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42980","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e4dcd50a-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-00002d75b1e7","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42908","cveTitle":"Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

\n","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"unformattedDescription":"Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.","mitreText":"CVE-2026-42908","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42908","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows RDP","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"title":"Windows RDP Information Disclosure Vulnerability","articleType":"100000000","description":"

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the local memory address.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42908","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9ba9dd04-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d677e3e4","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42907","cveTitle":"Windows Shell Information Disclosure Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.

\n","cweList":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"],"cweDetailsListForSearch":["cwe: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweUrl: https://cwe.mitre.org/data/definitions/200.html"],"unformattedDescription":"Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-42907","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42907","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Shell","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"6.5","temporalScore":"5.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","https://cwe.mitre.org/data/definitions/200.html"]}],"articles":[{"title":"Windows Shell Information Disclosure Vulnerability","articleType":"100000000","description":"

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the local memory address.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42907","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d9a8dd04-1c4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-00003b033c42","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42906","cveTitle":"Windows Shell Information Disclosure Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.

\n","cweList":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"],"cweDetailsListForSearch":["cwe: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweUrl: https://cwe.mitre.org/data/definitions/200.html"],"unformattedDescription":"Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-42906","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42906","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Shell","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","https://cwe.mitre.org/data/definitions/200.html"]}],"articles":[{"title":"Windows Shell Information Disclosure Vulnerability","articleType":"100000000","description":"

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the local memory address.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42906","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b14ddcfe-1b4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-00000c61322a","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42905","cveTitle":"Windows DWM Core Library Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-42905","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42905","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows DWM Core Library","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows DWM Core Library Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42905","version":1.1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Updated an acknowledgement. This is an informational change only.

\n","unformattedDescription":"Updated an acknowledgement. This is an informational change only.","notificationNeeded":false,"notificationSent":false,"sourceId":"dc9a47d0-ea5d-f111-939e-000d3ac5fb71"},{"cveNumber":"CVE-2026-42905","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7e4ddcfe-1b4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-000071ec8a87","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42904","cveTitle":"Windows TCP/IP Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.

\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.","mitreText":"CVE-2026-42904","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42904","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows TCP/IP","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"9.6","temporalScore":"8.3","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"title":"Windows TCP/IP Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?

\n

An authenticated attacker could exploit this vulnerability with LAN access.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42904","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"484ddcfe-1b4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-00006aa5455a","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42903","cveTitle":"Windows Kerberos Denial of Service Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-10T07:00:00-07:00","description":"

Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network.

\n","cweList":["CWE-476: NULL Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-476: NULL Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/476.html"],"mitreText":"CVE-2026-42903","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42903","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Kerberos","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000001,"impact":"Denial of Service","langCode":"en-US","baseScore":"6.5","temporalScore":"5.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-476: NULL Pointer Dereference","https://cwe.mitre.org/data/definitions/476.html"]}],"articles":[{"title":"Windows Kerberos Denial of Service Vulnerability","articleType":"100000000","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42903","version":1.1,"revisionDate":"2026-06-10T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Updated an acknowledgement. This is an informational change only.

\n","unformattedDescription":"Updated an acknowledgement. This is an informational change only.","notificationNeeded":false,"notificationSent":false,"sourceId":"499ddbeb-eb64-f111-939e-000d3ac5fb71"},{"cveNumber":"CVE-2026-42903","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ec6ad9f8-1b4e-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-00005ebd0741","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42837","cveTitle":"Windows Projected File System Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"unformattedDescription":"Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-42837","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42837","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Projected File System Filter Driver","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"title":"Windows Projected File System Filter Driver Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Out-of-bounds read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42837","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7556acc4-7549-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000f931afe3","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42836","cveTitle":"Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-42836","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42836","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Function Discovery Service (fdwsd.dll)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42836","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"18443f84-7349-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-000079d15796","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-50507","cveTitle":"Windows BitLocker Security Feature Bypass Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

\n","cweList":["CWE-306: Missing Authentication for Critical Function"],"cweDetailsListForSearch":["cwe: CWE-306: Missing Authentication for Critical Function","cweUrl: https://cwe.mitre.org/data/definitions/306.html"],"unformattedDescription":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","mitreText":"CVE-2026-50507","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-50507","publiclyDisclosed":"Yes","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows BitLocker","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"6.8","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-306: Missing Authentication for Critical Function","https://cwe.mitre.org/data/definitions/306.html"]}],"articles":[{"title":"Windows BitLocker Security Feature Bypass Vulnerability","articleType":"100000000","description":"

Missing authentication for critical function in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

\n

A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-50507","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cf5c79dc-4b61-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000042d93c40","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-49160","cveTitle":"HTTP.sys Denial of Service Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.

\n","cweList":["CWE-400: Uncontrolled Resource Consumption"],"cweDetailsListForSearch":["cwe: CWE-400: Uncontrolled Resource Consumption","cweUrl: https://cwe.mitre.org/data/definitions/400.html"],"unformattedDescription":"Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.","mitreText":"CVE-2026-49160","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-49160","publiclyDisclosed":"Yes","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"HTTP/2","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000001,"impact":"Denial of Service","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-400: Uncontrolled Resource Consumption","https://cwe.mitre.org/data/definitions/400.html"]}],"articles":[{"title":"HTTP/2 Denial of Service Vulnerability","articleType":"100000000","description":"

Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What actions should I take to help protect my devices from this vulnerability?

\n

Install the June 2026 Windows security updates listed in the Security Updates table. These updates enable the protections Microsoft released for this CVE.

\n

As part of these updates, Microsoft also introduced a new MaxHeadersCount registry setting. This setting allows you to limit the number of headers included in HTTP/2 and HTTP/3 requests that are accepted by the HTTP server. For more information, see KB5102602.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-49160","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ea0135ad-a95f-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000e226f793","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-48574","cveTitle":"Windows Media Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-48574","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-48574","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Media","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Windows Media Remote Code Execution Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-48574","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bfcc1a26-ae5e-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000c01278d6","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-48569","cveTitle":"Visual Studio Code Security Feature Bypass Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-10T07:00:00-07:00","description":"

Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

\n","cweList":["CWE-20: Improper Input Validation","CWE-23: Relative Path Traversal"],"cweDetailsListForSearch":["cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html","cwe: CWE-23: Relative Path Traversal","cweUrl: https://cwe.mitre.org/data/definitions/23.html"],"unformattedDescription":"Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.","mitreText":"CVE-2026-48569","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-48569","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Visual Studio Code","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"7.1","temporalScore":"6.2","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-23: Relative Path Traversal","https://cwe.mitre.org/data/definitions/23.html"]}],"articles":[{"title":"Visual Studio Code Security Feature Bypass Vulnerability","articleType":"100000000","description":"

Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-48569","version":1.1,"revisionDate":"2026-06-10T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Updated the Security Updates Build Number

\n","unformattedDescription":"Updated the Security Updates Build Number","notificationNeeded":false,"notificationSent":false,"sourceId":"51858c24-f464-f111-939e-000d3ac5fb71"},{"cveNumber":"CVE-2026-48569","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fae93727-ab5e-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00007c9b9e36","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-48565","cveTitle":"Windows Narrator Braille Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-426: Untrusted Search Path"],"cweDetailsListForSearch":["cwe: CWE-426: Untrusted Search Path","cweUrl: https://cwe.mitre.org/data/definitions/426.html"],"unformattedDescription":"Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-48565","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-48565","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Narrator Braille","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-426: Untrusted Search Path","https://cwe.mitre.org/data/definitions/426.html"]}],"articles":[{"title":"Windows Narrator Braille Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How do I protect myself from this vulnerablity?

\n

Microsoft recommends installing the latest BRLTTY feature update to help protect systems from this vulnerability. Customers can download and install BRLTTY through Windows Accessibility settings by navigating to:

\n

Settings \u2192 Accessibility \u2192 Narrator \u2192 Use Braille display \u2192 Download BRLTTY

\n

Once installed, ensure the latest available update is applied to receive the security fix and associated protections.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-48565","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3a282091-665e-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000171046d9","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-48562","cveTitle":"Microsoft SharePoint Server Spoofing Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-48562","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-48562","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"4.6","temporalScore":"4.0","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]}],"articles":[{"title":"Microsoft Office SharePoint Spoofing Vulnerability","articleType":"100000000","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?

\n

An authorized attacker with privileges could send controlled inputs to exploit this vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?

\n

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).

\n","ordinal":10000},{"articleType":"FAQ","description":"

I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?

\n

Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-48562","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ab11031a-ed5d-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00004df9941e","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-48560","cveTitle":"Microsoft SharePoint Server Spoofing Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","cweList":["CWE-502: Deserialization of Untrusted Data"],"cweDetailsListForSearch":["cwe: CWE-502: Deserialization of Untrusted Data","cweUrl: https://cwe.mitre.org/data/definitions/502.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-48560","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-48560","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"5.4","temporalScore":"4.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-502: Deserialization of Untrusted Data","https://cwe.mitre.org/data/definitions/502.html"]}],"articles":[{"title":"Microsoft Office SharePoint Spoofing Vulnerability","articleType":"100000000","description":"

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?

\n

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).

\n","ordinal":10000},{"articleType":"FAQ","description":"

I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?

\n

Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-48560","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d5d70536-da5d-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000082f8d8b","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-47656","cveTitle":"Windows Boot Manager Security Feature Bypass Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.

\n","cweList":["CWE-693: Protection Mechanism Failure"],"cweDetailsListForSearch":["cwe: CWE-693: Protection Mechanism Failure","cweUrl: https://cwe.mitre.org/data/definitions/693.html"],"unformattedDescription":"Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.","mitreText":"CVE-2026-47656","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-47656","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Boot Manager","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"7.9","temporalScore":"6.9","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-693: Protection Mechanism Failure","https://cwe.mitre.org/data/definitions/693.html"]}],"articles":[{"articleType":"FAQ","description":"

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

\n

An attacker who successfully exploited this vulnerability could bypass Secure Boot.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

A scope change means that successfully exploiting this vulnerability could allow an attacker to affect security protections beyond the original vulnerable component. In this case, the issue could enable a bypass of Secure Boot and exposure of Virtual Secure Mode (VSM) secrets, impacting a more highly protected security boundary rather than being limited to the initially affected boot component.

\n","ordinal":10000},{"title":"Windows Boot Manager Security Feature Bypass Vulnerability","articleType":"100000000","description":"

Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-47656","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"379c8727-d95d-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000ff556a35","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45484","cveTitle":"Microsoft SharePoint Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.

\n","cweList":["CWE-502: Deserialization of Untrusted Data"],"cweDetailsListForSearch":["cwe: CWE-502: Deserialization of Untrusted Data","cweUrl: https://cwe.mitre.org/data/definitions/502.html"],"unformattedDescription":"Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.","mitreText":"CVE-2026-45484","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45484","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-502: Deserialization of Untrusted Data","https://cwe.mitre.org/data/definitions/502.html"]}],"articles":[{"articleType":"FAQ","description":"

How could an attacker exploit the vulnerability?

\n

An authenticated attacker with access to the domain could perform remote code execution on the SharePoint server to elevate themselves to SharePoint admin.

\n","ordinal":10000},{"title":"Microsoft Office SharePoint Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited the vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain administrator privileges.

\n","ordinal":10000},{"articleType":"FAQ","description":"

I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?

\n

Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45484","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8716f59b-414e-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000d0b3601d","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45481","cveTitle":"Microsoft SharePoint Server Spoofing Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-45481","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45481","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"7.3","temporalScore":"6.4","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]}],"articles":[{"articleType":"FAQ","description":"

I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?

\n

Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.

\n","ordinal":10000},{"title":"Microsoft Office SharePoint Spoofing Vulnerability","articleType":"100000000","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?

\n

An authorized attacker must send the user a malicious link and convince the user to open it.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45481","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0d78180e-895b-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000da8c8373","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-47643","cveTitle":"Azure Stack Edge Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.

\n","cweList":["CWE-73: External Control of File Name or Path"],"cweDetailsListForSearch":["cwe: CWE-73: External Control of File Name or Path","cweUrl: https://cwe.mitre.org/data/definitions/73.html"],"unformattedDescription":"External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-47643","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-47643","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Azure Stack Edge","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"9.8","temporalScore":"8.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-73: External Control of File Name or Path","https://cwe.mitre.org/data/definitions/73.html"]}],"articles":[{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An attacker could send a specially crafted file upload request that includes a manipulated file name or path. Because the application does not properly restrict or validate this input, the attacker could cause the file to be written outside the intended folder, potentially overwriting or creating files in other locations on the system.

\n","ordinal":10000},{"title":"Azure Stack Edge Remote Code Execution Vulnerability","articleType":"100000000","description":"

External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-47643","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bb8f9d46-e45a-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00003f18dcd0","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-47640","cveTitle":"Microsoft SharePoint Server Spoofing Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-47640","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-47640","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"4.6","temporalScore":"4.0","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]}],"articles":[{"title":"Microsoft Office SharePoint Spoofing Vulnerability","articleType":"100000000","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?

\n

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?

\n

An authorized attacker must send the user a malicious link and convince the user to open it.

\n","ordinal":10000},{"articleType":"FAQ","description":"

I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?

\n

Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-47640","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"13ad8c7b-d75a-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d0453e46","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-47634","cveTitle":"Microsoft SharePoint Server Spoofing Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","cweList":["CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"],"cweDetailsListForSearch":["cwe: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')","cweUrl: https://cwe.mitre.org/data/definitions/74.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-47634","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-47634","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"7.3","temporalScore":"6.4","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')","https://cwe.mitre.org/data/definitions/74.html"]}],"articles":[{"title":"Microsoft Office SharePoint Spoofing Vulnerability","articleType":"100000000","description":"

Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?

\n

Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?

\n

An authorized attacker must send the user a malicious link and convince the user to open it.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-47634","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a00172a2-c25a-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000061aedfc","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42910","cveTitle":"Windows Hotpatch Monitoring Service Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-787: Out-of-bounds Write"],"cweDetailsListForSearch":["cwe: CWE-787: Out-of-bounds Write","cweUrl: https://cwe.mitre.org/data/definitions/787.html"],"unformattedDescription":"Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-42910","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42910","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Hotpatch Monitoring Service","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-787: Out-of-bounds Write","https://cwe.mitre.org/data/definitions/787.html"]}],"articles":[{"title":"Windows Hotpatch Monitoring Service Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42910","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6c1d676b-1459-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000e16c2b95","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-47293","cveTitle":"Microsoft Office Click-To-Run Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-47293","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-47293","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Click-To-Run","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Microsoft Office Click-To-Run Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-47293","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0f7ebca3-2a59-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b3ca217d","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-47284","cveTitle":"Visual Studio Code Information Disclosure Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network.

\n","cweList":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"],"cweDetailsListForSearch":["cwe: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweUrl: https://cwe.mitre.org/data/definitions/200.html"],"unformattedDescription":"Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network.","mitreText":"CVE-2026-47284","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-47284","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Visual Studio Code","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"6.5","temporalScore":"5.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","https://cwe.mitre.org/data/definitions/200.html"]}],"articles":[{"title":"Visual Studio Code Information Disclosure Vulnerability","articleType":"100000000","description":"

Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

The user would have be enticed to open a malicious file in vscode. Users should never open anything that they do not know or trust to be safe.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-47284","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1ee03efc-4f55-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000ac83dc4f","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-47281","cveTitle":"Visual Studio Code Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

\n","cweList":["CWE-862: Missing Authorization","CWE-306: Missing Authentication for Critical Function","CWE-798: Use of Hard-coded Credentials"],"cweDetailsListForSearch":["cwe: CWE-862: Missing Authorization","cweUrl: https://cwe.mitre.org/data/definitions/862.html","cwe: CWE-306: Missing Authentication for Critical Function","cweUrl: https://cwe.mitre.org/data/definitions/306.html","cwe: CWE-798: Use of Hard-coded Credentials","cweUrl: https://cwe.mitre.org/data/definitions/798.html"],"unformattedDescription":"Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.","mitreText":"CVE-2026-47281","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-47281","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Visual Studio Code","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"9.6","temporalScore":"8.3","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-862: Missing Authorization","https://cwe.mitre.org/data/definitions/862.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-306: Missing Authentication for Critical Function","https://cwe.mitre.org/data/definitions/306.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-798: Use of Hard-coded Credentials","https://cwe.mitre.org/data/definitions/798.html"]}],"articles":[{"title":"Visual Studio Code Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Missing authorization in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

This means that a successful attack is not limited to Visual Studio Code itself, but can also affect the user\u2019s local system, including files and settings. As a result, the impact extends beyond the application to a different security boundary, increasing the overall severity of the vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

The user would have be enticed to open a malicious .code-workspace file in vscode. Users should never open anything that they do not know or trust to be safe.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-47281","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a021629a-4f55-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000058bd17e6","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45658","cveTitle":"Windows BitLocker Security Feature Bypass Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

\n","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"unformattedDescription":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","mitreText":"CVE-2026-45658","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45658","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows BitLocker","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[{"title":"Windows BitLocker Security Feature Bypass Vulnerability","articleType":"100000000","description":"

Improper access control in Windows BitLocker allows an authorized attacker to bypass a security feature locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

\n

A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45658","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"00512fab-4855-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b0bae5e8","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45647","cveTitle":"Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition"],"cweDetailsListForSearch":["cwe: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition","cweUrl: https://cwe.mitre.org/data/definitions/367.html"],"unformattedDescription":"Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-45647","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45647","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Defender for Endpoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition","https://cwe.mitre.org/data/definitions/367.html"]}],"articles":[{"title":"Microsoft Defender for Endpoint Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45647","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"58c29b10-4755-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000014463e46","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45654","cveTitle":"Secure Boot Security Feature Bypass Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

\n","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"unformattedDescription":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","mitreText":"CVE-2026-45654","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45654","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Secure Boot","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"7.9","temporalScore":"6.9","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

A scope change means that successfully exploiting this vulnerability could allow an attacker to affect security protections beyond the original vulnerable component. In this case, the issue could enable a bypass of Secure Boot and exposure of Virtual Secure Mode (VSM) secrets, impacting a more highly protected security boundary rather than being limited to the initially affected boot component.

\n","ordinal":10000},{"title":"Windows Secure Boot Security Feature Bypass Vulnerability","articleType":"100000000","description":"

Improper access control in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

\n

An attacker who successfully exploited this vulnerability could bypass Secure Boot.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45654","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7910f5ab-2855-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00001b8d8373","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45653","cveTitle":"Windows Kernel Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-45653","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45653","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Kernel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Windows Kernel Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45653","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5419b575-2855-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000015463e46","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45644","cveTitle":"Microsoft Live Share Canvas SDK Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Live Share Canvas SDK allows an authorized attacker to elevate privileges over a network.

\n","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Live Share Canvas SDK allows an authorized attacker to elevate privileges over a network.","mitreText":"CVE-2026-45644","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45644","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Live Share Canvas SDK","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"8.0","temporalScore":"7.0","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]}],"articles":[{"title":"Microsoft Teams SDK Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Live Share Canvas SDK allows an authorized attacker to elevate privileges over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?

\n

An authorized attacker must send the user a malicious link and convince the user to open it.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45644","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"720e64eb-cc53-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000055bd17e6","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45608","cveTitle":"Windows DHCP Client Information Disclosure Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.

\n","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"unformattedDescription":"Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-45608","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45608","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows DHCP Client","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"6.8","temporalScore":"5.9","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"title":"Windows DHCP Client Information Disclosure Vulnerability","articleType":"100000000","description":"

Out-of-bounds read in Windows DHCP Client allows an unauthorized attacker to disclose information locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

Successful exploitation could allow an attacker to read a limited amount of information from the affected system\u2019s memory. This information would be restricted in scope and is not expected to expose large amounts of sensitive data.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, exploitation results in a small loss of confidentiality (C:L), no integrity impact (I:N), and high availability impact (A:H). What does this mean?

\n

This means that an attacker could potentially see a small amount of information they should not have access to, but they cannot change data or system settings. The primary impact is that the affected service could stop working or crash, which may temporarily disrupt normal system operations.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45608","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"276803d1-be53-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a9bae5e8","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45637","cveTitle":"Microsoft DWM Core Library Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-45637","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45637","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows DWM Core Library","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows DWM Core Library Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45637","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"726e44ca-be53-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000188d8373","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45603","cveTitle":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-45603","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45603","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Ancillary Function Driver for WinSock","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"title":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45603","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5c6e44ca-be53-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000052bd17e6","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45638","cveTitle":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-45638","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45638","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Ancillary Function Driver for WinSock","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45638","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ac9500c4-be53-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000073d196a3","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45635","cveTitle":"Windows UPnP Device Host Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.

\n","cweList":["CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')"],"cweDetailsListForSearch":["cwe: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')","cweUrl: https://cwe.mitre.org/data/definitions/843.html"],"unformattedDescription":"Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-45635","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45635","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Universal Plug and Play (upnp.dll)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.1","temporalScore":"7.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')","https://cwe.mitre.org/data/definitions/843.html"]}],"articles":[{"title":"Universal Plug and Play (upnp.dll) Remote Code Execution Vulnerability","articleType":"100000000","description":"

Access of resource using incompatible type ('type confusion') in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does this mean for this vulnerability?

\n

An attacker would need specific conditions to be in place (i.e. particular protocol settings, or configurations, etc.) before an attack could succeed, which reduces the likelihood of widespread or opportunistic exploitation.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit the vulnerability?

\n

An attacker could attempt to trigger the vulnerability by causing an error during the handling of specially crafted data, which may lead the affected component to incorrectly free memory it does not own. If successful, this could allow the attacker to run code in the context of the affected process.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45635","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"989500c4-be53-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b3012b16","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45602","cveTitle":"Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.","mitreText":"CVE-2026-45602","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45602","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows DHCP Server","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000009,"impact":"Tampering","langCode":"en-US","baseScore":"9.1","temporalScore":"7.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"title":"Windows DHCP Server Tampering Vulnerability","articleType":"100000000","description":"

No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An authenticated user could exploit this vulnerability by sending specially crafted network traffic to a server configured for use as a Dynamic Host Configuration Protocol (DHCP) Server.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45602","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"839500c4-be53-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00007d18dcd0","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45600","cveTitle":"Windows Kernel-Mode Driver Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')"],"cweDetailsListForSearch":["cwe: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')","cweUrl: https://cwe.mitre.org/data/definitions/843.html"],"unformattedDescription":"Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-45600","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45600","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Kernel-Mode Drivers","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')","https://cwe.mitre.org/data/definitions/843.html"]}],"articles":[{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"title":"Windows Kernel-Mode Drivers Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45600","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6c9500c4-be53-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00000d3ea84e","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45596","cveTitle":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free","CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html","cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-45596","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45596","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Ancillary Function Driver for WinSock","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"title":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45596","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8ad4f9bd-be53-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000442f8d8b","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45636","cveTitle":"Windows NTFS Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-122: Heap-based Buffer Overflow","CWE-20: Improper Input Validation"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html","cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html"],"unformattedDescription":"Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-45636","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45636","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows NTFS","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]}],"articles":[{"title":"Windows NTFS Remote Code Execution Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

A user would need to mount a .vhd file to be compromised by the attacker.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45636","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"75d4f9bd-be53-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000879ed033","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45598","cveTitle":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-45598","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45598","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Ancillary Function Driver for WinSock","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"title":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45598","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5cd4f9bd-be53-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000e2a3342e","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45601","cveTitle":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-45601","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45601","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Ancillary Function Driver for WinSock","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"title":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45601","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"46d4f9bd-be53-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000221378d6","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45599","cveTitle":"Windows UPnP Device Host Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-45599","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45599","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Universal Plug and Play (upnp.dll)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.1","temporalScore":"7.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Universal Plug and Play (upnp.dll) Remote Code Execution Vulnerability","articleType":"100000000","description":"

Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does this mean for this vulnerability?

\n

An attacker would need specific conditions to be in place (i.e. particular protocol settings, or configurations, etc.) before an attack could succeed, which reduces the likelihood of widespread or opportunistic exploitation.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit the vulnerability?

\n

An attacker could attempt to trigger the vulnerability by causing an error during the handling of specially crafted data, which may lead the affected component to incorrectly free memory it does not own. If successful, this could allow the attacker to run code in the context of the affected process.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45599","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2fd4f9bd-be53-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a8b24ff1","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45597","cveTitle":"Windows UI Automation Manager (uiamanager.dll) Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in UI Automation Manager (uiamanager.dll) allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in UI Automation Manager (uiamanager.dll) allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-45597","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45597","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"UI Automation Manager (uiamanager.dll)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could elevate from a low integrity level up to a medium integrity level.

\n","ordinal":10000},{"title":"UI Automation Manager (uiamanager.dll) Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in UI Automation Manager (uiamanager.dll) allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45597","version":1.1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Updated an acknowledgement. This is an informational change only.

\n","unformattedDescription":"Updated an acknowledgement. This is an informational change only.","notificationNeeded":false,"notificationSent":false,"sourceId":"194447a4-ea5d-f111-939e-000d3ac5fb71"},{"cveNumber":"CVE-2026-45597","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"274df3b7-be53-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000de9b9e36","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45595","cveTitle":"Windows Mark of the Web Security Feature Bypass Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.

\n","cweList":["CWE-693: Protection Mechanism Failure"],"cweDetailsListForSearch":["cwe: CWE-693: Protection Mechanism Failure","cweUrl: https://cwe.mitre.org/data/definitions/693.html"],"unformattedDescription":"Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.","mitreText":"CVE-2026-45595","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45595","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Mark of the Web (MOTW)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"5.4","temporalScore":"4.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-693: Protection Mechanism Failure","https://cwe.mitre.org/data/definitions/693.html"]}],"articles":[{"title":"Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability","articleType":"100000000","description":"

Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.

\n","ordinal":10000},{"title":"FAQ - I:L","articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of integrity (I:L) and some loss of availability (A:L). What does that mean for this vulnerability?

\n

An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit the vulnerability?

\n

To exploit this vulnerability, an attacker could host a file on an attacker-controlled server, then convince a targeted user to download and open the file. This could allow the attacker to interfere with the Mark of the Web functionality.

\n

Please see Additional information about Mark of the Web for further clarification

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45595","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"124df3b7-be53-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000011463e46","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45604","cveTitle":"Windows Managed Installer Information Disclosure Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Out-of-bounds read in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.

\n","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"unformattedDescription":"Out-of-bounds read in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-45604","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45604","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Application Identity (AppID) Subsystem","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"title":"Windows Application Identity (AppID) Subsystem Information Disclosure Vulnerability","articleType":"100000000","description":"

Out-of-bounds read in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.

\n","ordinal":10000},{"title":"Kernel Memory Information Disclosure","articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

Exploiting this vulnerability could allow the disclosure of certain kernel memory content.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45604","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fb4cf3b7-be53-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00004327f793","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45594","cveTitle":"Windows Application Identity (AppID) Information Disclosure Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.

\n","cweList":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"],"cweDetailsListForSearch":["cwe: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweUrl: https://cwe.mitre.org/data/definitions/200.html"],"unformattedDescription":"Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-45594","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45594","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Application Identity (AppID) Subsystem","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","https://cwe.mitre.org/data/definitions/200.html"]}],"articles":[{"title":"Kernel Memory Information Disclosure","articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

Exploiting this vulnerability could allow the disclosure of certain kernel memory content.

\n","ordinal":10000},{"title":"Windows Application Identity (AppID) Subsystem Information Disclosure Vulnerability","articleType":"100000000","description":"

Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45594","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e54cf3b7-be53-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00001485ed7b","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45593","cveTitle":"Windows SDK Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Windows SDK allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free","CWE-190: Integer Overflow or Wraparound"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html","cwe: CWE-190: Integer Overflow or Wraparound","cweUrl: https://cwe.mitre.org/data/definitions/190.html"],"unformattedDescription":"Use after free in Windows SDK allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-45593","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45593","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows SDK","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-190: Integer Overflow or Wraparound","https://cwe.mitre.org/data/definitions/190.html"]}],"articles":[{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could elevate from a low integrity level up to a medium integrity level.

\n","ordinal":10000},{"title":"Windows SDK Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows SDK allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45593","version":1.1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Updated an acknowledgement. This is an informational change only.

\n","unformattedDescription":"Updated an acknowledgement. This is an informational change only.","notificationNeeded":false,"notificationSent":false,"sourceId":"677efbb6-ea5d-f111-939e-000d3ac5fb71"},{"cveNumber":"CVE-2026-45593","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"81c6e5b1-be53-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000791046d9","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45592","cveTitle":"Windows Internet (wininet.dll) Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-190: Integer Overflow or Wraparound","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-190: Integer Overflow or Wraparound","cweUrl: https://cwe.mitre.org/data/definitions/190.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-45592","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45592","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Internet (wininet.dll)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-190: Integer Overflow or Wraparound","https://cwe.mitre.org/data/definitions/190.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Internet (wininet.dll) Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45592","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5bc6e5b1-be53-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00004a6e3cc1","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45591","cveTitle":"ASP.NET Core Denial of Service Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.

\n","cweList":["CWE-400: Uncontrolled Resource Consumption"],"cweDetailsListForSearch":["cwe: CWE-400: Uncontrolled Resource Consumption","cweUrl: https://cwe.mitre.org/data/definitions/400.html"],"unformattedDescription":"Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.","mitreText":"CVE-2026-45591","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45591","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"ASP.NET Core","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000001,"impact":"Denial of Service","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-400: Uncontrolled Resource Consumption","https://cwe.mitre.org/data/definitions/400.html"]}],"articles":[{"title":"ASP.NET Core Denial of Service Vulnerability","articleType":"100000000","description":"

Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45591","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6491a386-b253-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00000e3ea84e","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45586","cveTitle":"Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-59: Improper Link Resolution Before File Access ('Link Following')"],"cweDetailsListForSearch":["cwe: CWE-59: Improper Link Resolution Before File Access ('Link Following')","cweUrl: https://cwe.mitre.org/data/definitions/59.html"],"unformattedDescription":"Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-45586","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45586","publiclyDisclosed":"Yes","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Collaborative Translation Framework","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-59: Improper Link Resolution Before File Access ('Link Following')","https://cwe.mitre.org/data/definitions/59.html"]}],"articles":[{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"title":"Windows Collaborative Translation Framework Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45586","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"52c21754-1553-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000353fb97a","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45482","cveTitle":"Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-10T07:00:00-07:00","description":"

Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

\n","cweList":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"cweDetailsListForSearch":["cwe: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","cweUrl: https://cwe.mitre.org/data/definitions/22.html"],"unformattedDescription":"Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.","mitreText":"CVE-2026-45482","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45482","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"GitHub Copilot and Visual Studio Code","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"8.4","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","https://cwe.mitre.org/data/definitions/22.html"]}],"articles":[{"title":"GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability","articleType":"100000000","description":"

Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

\n","ordinal":10000},{"title":"Authentication Bypass","articleType":"FAQ","description":"

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

\n

The authentication feature could be bypassed as this vulnerability allows impersonation.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45482","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1b2879f1-2c4f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-45482","version":1.1,"revisionDate":"2026-06-10T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Updated the Security Updates Build Number and Title as the Chat extention is now merged into Visual Studio Code

\n","unformattedDescription":"Updated the Security Updates Build Number and Title as the Chat extention is now merged into Visual Studio Code","notificationNeeded":false,"notificationSent":false,"sourceId":"ebe08612-dc64-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d26c1bf0","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45476","cveTitle":"Microsoft Azure Network Adapter Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-45476","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45476","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Linux MANA Driver","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"8.2","temporalScore":"7.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"

What do I have to do to protect myself from this vulnerability?

\n

To help protect your systems from this vulnerability, update your Linux kernel to a version that includes the upstream fix for this issue. The fix has already been accepted upstream and will be included in newer kernel releases.

\n

If your environment uses a Linux distribution that has not yet incorporated the updated kernel version, you should monitor your distribution vendor\u2019s security advisories and apply the appropriate security update as soon as it becomes available. Some distributions may release the fix immediately through security updates, while others may include it in a future kernel package or maintenance release.

\n

Organizations that maintain custom kernels or remain on older kernel branches may need to manually backport or apply the upstream patch according to their standard patch management and validation processes.

\n

As a general best practice, ensure systems are regularly updated with the latest security patches and kernel releases provided by your operating system vendor.

\n","ordinal":10000},{"title":"Linux MANA Driver Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain ELEVATED privileges, which may allow them to perform actions beyond their original permissions.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

\n","ordinal":10002},{"articleType":"FAQ","description":"

How could an attacker exploit the vulnerability?

\n

An attacker who already has control of the host environment could trigger a flaw in the guest driver that mishandles memory. This could allow the attacker to read sensitive information from the guest and potentially use that access to gain higher privileges within the guest system.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45476","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4770835d-484e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00006ee1c292","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45465","cveTitle":"Microsoft SharePoint Server Spoofing Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-45465","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45465","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"5.4","temporalScore":"4.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]}],"articles":[{"articleType":"FAQ","description":"

I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?

\n

Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.

\n","ordinal":10000},{"title":"Microsoft Office SharePoint Spoofing Vulnerability","articleType":"100000000","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?

\n

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

The user would have to click on a specially crafted URL to be compromised by the attacker.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45465","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5da8c3f7-3f4e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000009566a35","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45464","cveTitle":"Microsoft SharePoint Server Spoofing Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-45464","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45464","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"5.4","temporalScore":"4.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]}],"articles":[{"title":"Microsoft Office SharePoint Spoofing Vulnerability","articleType":"100000000","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?

\n

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).

\n","ordinal":10000},{"articleType":"FAQ","description":"

I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?

\n

Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

The user would have to click on a specially crafted URL to be compromised by the attacker.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45464","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ed9e76cf-3f4e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a4ca11d8","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45463","cveTitle":"Microsoft Office Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-191: Integer Underflow (Wrap or Wraparound)","CWE-121: Stack-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-191: Integer Underflow (Wrap or Wraparound)","cweUrl: https://cwe.mitre.org/data/definitions/191.html","cwe: CWE-121: Stack-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/121.html"],"unformattedDescription":"Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-45463","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45463","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.4","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-191: Integer Underflow (Wrap or Wraparound)","https://cwe.mitre.org/data/definitions/191.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-121: Stack-based Buffer Overflow","https://cwe.mitre.org/data/definitions/121.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?

\n

The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000},{"title":"Microsoft Office Remote Code Execution Vulnerability","articleType":"100000000","description":"

Integer underflow (wrap or wraparound) in Microsoft Office allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

Yes, the Preview Pane is an attack vector.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office for Android currently available?

\n

The security update for Microsoft Office for Android is not immediately available. The update will be released as soon as possible. When it is available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45463","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"92388aa5-3f4e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00003f3fb97a","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45462","cveTitle":"Microsoft SharePoint Server Spoofing Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-45462","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45462","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"4.6","temporalScore":"4.0","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]}],"articles":[{"title":"Microsoft Office SharePoint Spoofing Vulnerability","articleType":"100000000","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?

\n

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?

\n

An authorized attacker must send the user a malicious link and convince the user to open it.

\n","ordinal":10000},{"articleType":"FAQ","description":"

I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?

\n

Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45462","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"225654f0-3e4e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b3589c32","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45459","cveTitle":"Microsoft Excel Security Feature Bypass Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.

\n","cweList":["CWE-693: Protection Mechanism Failure"],"cweDetailsListForSearch":["cwe: CWE-693: Protection Mechanism Failure","cweUrl: https://cwe.mitre.org/data/definitions/693.html"],"unformattedDescription":"Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.","mitreText":"CVE-2026-45459","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45459","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Excel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"3.3","temporalScore":"2.9","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-693: Protection Mechanism Failure","https://cwe.mitre.org/data/definitions/693.html"]}],"articles":[{"title":"Microsoft Office Excel Security Feature Bypass Vulnerability","articleType":"100000000","description":"

Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?

\n

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

An attacker must send a user a malicious Office file and convince them to open it.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

\n

Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?

\n

The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45459","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"72f26d58-3d4e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000039f8734d","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45457","cveTitle":"Microsoft Word Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"unformattedDescription":"Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-45457","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45457","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Word","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

An attacker must send a user a malicious Office file and convince them to open it.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?

\n

The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000},{"title":"Microsoft Office Word Remote Code Execution Vulnerability","articleType":"100000000","description":"

Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45457","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5b5a27f6-3c4e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00006fe1c292","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45455","cveTitle":"Microsoft Excel Information Disclosure Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

\n","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"unformattedDescription":"Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.","mitreText":"CVE-2026-45455","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45455","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Excel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"3.3","temporalScore":"2.9","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"title":"Microsoft Office Excel Information Disclosure Vulnerability","articleType":"100000000","description":"

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?

\n

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

An attacker must send a user a malicious Office file and convince them to open it.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?

\n

The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45455","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8506fb8c-3c4e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00000a566a35","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45454","cveTitle":"Microsoft SharePoint Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

\n","cweList":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"cweDetailsListForSearch":["cwe: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","cweUrl: https://cwe.mitre.org/data/definitions/22.html"],"unformattedDescription":"Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.","mitreText":"CVE-2026-45454","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45454","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"6.5","temporalScore":"5.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","https://cwe.mitre.org/data/definitions/22.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

\n

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.

\n","ordinal":10000},{"title":"Microsoft Office SharePoint Remote Code Execution Vulnerability","articleType":"100000000","description":"

Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?

\n

Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45454","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1fba5d51-3c4e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000465f1159","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-44822","cveTitle":"Microsoft Excel Information Disclosure Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

\n","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"unformattedDescription":"Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.","mitreText":"CVE-2026-44822","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-44822","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Excel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"8.2","temporalScore":"7.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"title":"Microsoft Office Excel Information Disclosure Vulnerability","articleType":"100000000","description":"

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?

\n

The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and some loss of integrity (I:L), but no loss of availability (A:N). What does that mean for this vulnerability?

\n

An attacker who successfully exploited this vulnerability could view sensitive information, (Confidentiality), and make some changes to disclosed information (Integrity), but they would not be able to affect Availability.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-44822","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8d97dbc2-3b4e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00001686fd20","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-40376","cveTitle":"Visual Studio Code Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-10T07:00:00-07:00","description":"

Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

\n","cweList":["CWE-20: Improper Input Validation"],"cweDetailsListForSearch":["cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html"],"unformattedDescription":"Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.","mitreText":"CVE-2026-40376","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40376","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Visual Studio Code","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]}],"articles":[{"title":"Visual Studio Code Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited the vulnerability?

\n

A successful attacker could obtain the permissions associated with the MCP Server\u2019s managed identity. This may allow the attacker to access or perform actions on any resources that the managed identity is authorized to reach. The attacker does not gain broader tenant\u2011level or administrator permissions; only those tied to the compromised managed identity.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40376","version":1.1,"revisionDate":"2026-06-10T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Updated the Security Updates Build Number

\n","unformattedDescription":"Updated the Security Updates Build Number","notificationNeeded":false,"notificationSent":false,"sourceId":"5ea7ce53-f464-f111-939e-000d3ac5fb71"},{"cveNumber":"CVE-2026-40376","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"aa898514-993a-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000094a65686","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42835","cveTitle":"Microsoft Teams for Android Information Disclosure Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network.

\n","cweList":["CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"],"cweDetailsListForSearch":["cwe: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')","cweUrl: https://cwe.mitre.org/data/definitions/74.html"],"unformattedDescription":"Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network.","mitreText":"CVE-2026-42835","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42835","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Teams for Android","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"8.1","temporalScore":"7.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')","https://cwe.mitre.org/data/definitions/74.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low (AC:L). What does that mean for this vulnerability?

\n

The attack vector is Network (AV:N) because this vulnerability is remotely exploitable and can be exploited from the internet. The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component.

\n","ordinal":10000},{"title":"Microsoft Teams for Android Information Disclosure Vulnerability","articleType":"100000000","description":"

Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42835","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e0794c88-6249-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00004f2f7de6","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42829","cveTitle":"Windows Administrator Protection Secure Feature Bypass Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.

\n","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"unformattedDescription":"Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.","mitreText":"CVE-2026-42829","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42829","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Administrator Protection","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[{"title":"Windows Administrator Protection Security Feature Bypass Vulnerability","articleType":"100000000","description":"

Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

\n

This vulnerability could bypass Windows Administrator Protection, a security feature designed to prevent applications running with standard user permissions from performing actions that require administrator access. Successful exploitation could allow an attacker to run code with administrator privileges without the normal security checks.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42829","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1fac2a6b-0048-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000eaa32489","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42828","cveTitle":"Windows Projected File System Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-126: Buffer Over-read"],"cweDetailsListForSearch":["cwe: CWE-126: Buffer Over-read","cweUrl: https://cwe.mitre.org/data/definitions/126.html"],"unformattedDescription":"Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-42828","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42828","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Projected File System Filter Driver","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-126: Buffer Over-read","https://cwe.mitre.org/data/definitions/126.html"]}],"articles":[{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"title":"Windows Projected File System Filter Driver Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42828","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"974b4758-0048-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00000f3fb8f3","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-40371","cveTitle":"Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-10T07:00:00-07:00","description":"

Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.

\n","cweList":["CWE-280: Improper Handling of Insufficient Permissions or Privileges"],"cweDetailsListForSearch":["cwe: CWE-280: Improper Handling of Insufficient Permissions or Privileges","cweUrl: https://cwe.mitre.org/data/definitions/280.html"],"unformattedDescription":"Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.","mitreText":"CVE-2026-40371","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40371","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Dynamics 365 (on-premises)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-280: Improper Handling of Insufficient Permissions or Privileges","https://cwe.mitre.org/data/definitions/280.html"]}],"articles":[{"title":"Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An attacker who is already signed in to the affected Microsoft Dynamics 365 (On\u2011Premises) system could send a specially crafted request to the vulnerable scenario\u2011switching page, which does not properly check permissions. By doing so, the attacker could improperly assign themselves the System Administrator role and gain full administrative control of the organization.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited the vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain administrator privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40371","version":1.1,"revisionDate":"2026-06-10T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

The release notes link has been updated to point to the latest available version. Informational change only.

\n","unformattedDescription":"The release notes link has been updated to point to the latest available version. Informational change only.","notificationNeeded":false,"notificationSent":false,"sourceId":"0e2d73a1-0065-f111-939e-000d3ac5fb71"},{"cveNumber":"CVE-2026-40371","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ce6de8ba-303a-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b964e9a1","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-33113","cveTitle":"Microsoft SharePoint Server Spoofing Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-33113","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33113","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"5.4","temporalScore":"4.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]}],"articles":[{"title":"Microsoft Office SharePoint Spoofing Vulnerability","articleType":"100000000","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?

\n

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

The user would have to click on a specially crafted URL to be compromised by the attacker.

\n","ordinal":10000},{"articleType":"FAQ","description":"

I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?

\n

Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33113","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f179bc51-3e2d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000099d1395a","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-26142","cveTitle":"Nuance PowerScribe Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network.

\n","cweList":["CWE-502: Deserialization of Untrusted Data"],"cweDetailsListForSearch":["cwe: CWE-502: Deserialization of Untrusted Data","cweUrl: https://cwe.mitre.org/data/definitions/502.html"],"unformattedDescription":"Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-26142","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26142","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Nuance PowerScribe","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"9.8","temporalScore":"8.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-502: Deserialization of Untrusted Data","https://cwe.mitre.org/data/definitions/502.html"]}],"articles":[{"title":"Nuance PowerScribe Remote Code Execution Vulnerability","articleType":"100000000","description":"

Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26142","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e99dbca3-1817-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00008ea6271e","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-50508","cveTitle":"Windows NTLM Spoofing Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

\n","cweList":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"],"cweDetailsListForSearch":["cwe: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweUrl: https://cwe.mitre.org/data/definitions/200.html"],"unformattedDescription":"Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-50508","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-50508","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows NTLM","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"6.5","temporalScore":"5.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","https://cwe.mitre.org/data/definitions/200.html"]}],"articles":[{"title":"Windows NTLM Spoofing Vulnerability","articleType":"100000000","description":"

Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-50508","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3770e0e2-5263-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000dd4de4e2","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-49161","cveTitle":"Microsoft PC Manager Security Feature Bypass Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.

\n","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"unformattedDescription":"Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.","mitreText":"CVE-2026-49161","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-49161","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft PC Manager","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[{"title":"Microsoft PC Manager Security Feature Bypass Vulnerability","articleType":"100000000","description":"

Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

\n

An unauthenticated attacker is able to bypass the expected user access.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-49161","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9e24e903-3b60-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000c084ed7b","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-48583","cveTitle":"Windows Kernel Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-48583","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-48583","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Kernel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Kernel Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-48583","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6123d668-5e5f-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000269ed033","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-48578","cveTitle":"Secure Boot Security Feature Bypass Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

\n","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"unformattedDescription":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","mitreText":"CVE-2026-48578","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-48578","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Secure Boot","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.9","temporalScore":"6.9","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

\n","ordinal":10002},{"articleType":"FAQ","description":"

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

\n

An attacker who successfully exploited this vulnerability could bypass Secure Boot.

\n","ordinal":10000},{"title":"Windows Secure Boot Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Improper access control in Windows Secure Boot allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-48578","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1c543f82-af5e-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000ac3da84e","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-48576","cveTitle":"Secure Boot Security Feature Bypass Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

\n","cweList":["CWE-1329 - Reliance on Component That is Not Updateable"],"cweDetailsListForSearch":["cwe: CWE-1329 - Reliance on Component That is Not Updateable","cweUrl: https://cwe.mitre.org/data/definitions/1329.html"],"unformattedDescription":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","mitreText":"CVE-2026-48576","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-48576","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Secure Boot","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"7.9","temporalScore":"6.9","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-1329 - Reliance on Component That is Not Updateable","https://cwe.mitre.org/data/definitions/1329.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

\n","ordinal":10002},{"articleType":"FAQ","description":"

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

\n

An attacker who successfully exploited this vulnerability could bypass Secure Boot.

\n","ordinal":10000},{"title":"Windows Secure Boot Security Feature Bypass Vulnerability","articleType":"100000000","description":"

No cwe for this issue in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-48576","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"010743f8-ae5e-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00007d9b9e36","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-48575","cveTitle":"Secure Boot Security Feature Bypass Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

\n","cweList":["CWE-693: Protection Mechanism Failure"],"cweDetailsListForSearch":["cwe: CWE-693: Protection Mechanism Failure","cweUrl: https://cwe.mitre.org/data/definitions/693.html"],"unformattedDescription":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","mitreText":"CVE-2026-48575","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-48575","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Secure Boot","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"7.9","temporalScore":"6.9","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-693: Protection Mechanism Failure","https://cwe.mitre.org/data/definitions/693.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

\n","ordinal":10002},{"title":"Windows Secure Boot Security Feature Bypass Vulnerability","articleType":"100000000","description":"

No cwe for this issue in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

\n","ordinal":10000},{"title":"Windows Secure Boot Security Feature Bypass Vulnerability","articleType":"100000000","description":"

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

\n

An attacker who successfully exploited this vulnerability could bypass Secure Boot.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-48575","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"af6f5d86-ae5e-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000b384ed7b","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-48573","cveTitle":"Secure Boot Security Feature Bypass Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

\n","cweList":["CWE-1329 - Reliance on Component That is Not Updateable"],"cweDetailsListForSearch":["cwe: CWE-1329 - Reliance on Component That is Not Updateable","cweUrl: https://cwe.mitre.org/data/definitions/1329.html"],"unformattedDescription":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","mitreText":"CVE-2026-48573","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-48573","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Secure Boot","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"7.9","temporalScore":"6.9","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-1329 - Reliance on Component That is Not Updateable","https://cwe.mitre.org/data/definitions/1329.html"]}],"articles":[{"title":"Windows Secure Boot Security Feature Bypass Vulnerability","articleType":"100000000","description":"

No cwe for this issue in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

\n","ordinal":10002},{"articleType":"FAQ","description":"

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

\n

An attacker who successfully exploited this vulnerability could bypass Secure Boot.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-48573","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2e852017-ae5e-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00004ef9941e","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-48570","cveTitle":"Secure Boot Security Feature Bypass Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

\n","cweList":["CWE-693: Protection Mechanism Failure"],"cweDetailsListForSearch":["cwe: CWE-693: Protection Mechanism Failure","cweUrl: https://cwe.mitre.org/data/definitions/693.html"],"unformattedDescription":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","mitreText":"CVE-2026-48570","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-48570","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Secure Boot","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"7.9","temporalScore":"7.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-693: Protection Mechanism Failure","https://cwe.mitre.org/data/definitions/693.html"]}],"articles":[{"title":"Windows Secure Boot Security Feature Bypass Vulnerability","articleType":"100000000","description":"

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

\n","ordinal":10002},{"articleType":"FAQ","description":"

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

\n

An attacker who successfully exploited this vulnerability could bypass Secure Boot.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-48570","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2a360f55-ad5e-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000259ed033","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-48568","cveTitle":"Secure Boot Security Feature Bypass Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

\n","cweList":["CWE-693: Protection Mechanism Failure"],"cweDetailsListForSearch":["cwe: CWE-693: Protection Mechanism Failure","cweUrl: https://cwe.mitre.org/data/definitions/693.html"],"unformattedDescription":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","mitreText":"CVE-2026-48568","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-48568","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Secure Boot","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"7.9","temporalScore":"6.9","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-693: Protection Mechanism Failure","https://cwe.mitre.org/data/definitions/693.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

\n","ordinal":10002},{"articleType":"FAQ","description":"

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

\n

An attacker who successfully exploited this vulnerability could bypass Secure Boot.

\n","ordinal":10000},{"title":"Windows Secure Boot Security Feature Bypass Vulnerability","articleType":"100000000","description":"

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-48568","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ab841d1b-a55e-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000ab3da84e","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-48566","cveTitle":"Windows DWM Core Library Information Disclosure Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

\n","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"unformattedDescription":"Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-48566","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-48566","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows DWM Core Library","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"title":"Windows DWM Core Library Information Disclosure Vulnerability","articleType":"100000000","description":"

Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-48566","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2dbb4450-8e5e-f111-939e-000d3ac5fb71"},{"cveNumber":"CVE-2026-48566","version":1.1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published. This CVE was addressed by updates that were released in May 2026, but the CVE was inadvertently omitted from the May 2026 Security Updates. This is an informational change only. Customers who have already installed the May 2026 updates do not need to take any further action.

\n","unformattedDescription":"Information published. This CVE was addressed by updates that were released in May 2026, but the CVE was inadvertently omitted from the May 2026 Security Updates. This is an informational change only. Customers who have already installed the May 2026 updates do not need to take any further action.","notificationNeeded":true,"notificationSent":true,"sourceId":"1b5662d7-9863-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000b284ed7b","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-48563","cveTitle":"Remote Desktop Client Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-48563","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-48563","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Remote Desktop Client","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Remote Desktop Client Remote Code Execution Vulnerability","articleType":"100000000","description":"

Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-48563","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"933cac27-e75d-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000d2453e46","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-47654","cveTitle":"Remote Desktop Client Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-47654","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-47654","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Remote Desktop Client","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.5","temporalScore":"6.6","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.

\n","ordinal":10000},{"title":"Remote Desktop Client Remote Code Execution Vulnerability","articleType":"100000000","description":"

Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-47654","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4f11dd61-d25b-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000074012b16","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-47652","cveTitle":"Windows Hyper-V Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-47652","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-47652","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Hyper-V","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.2","temporalScore":"7.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

\n","ordinal":10002},{"title":"Windows Hyper-V Remote Code Execution Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An attacker could exploit this vulnerability by running code within a virtualized environment and issuing a specially crafted hypercall with a maliciously large or malformed payload size. By manipulating this input, the attacker can trigger a buffer overflow in the hypervisor during memory operations.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-47652","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"42c1e25b-d25b-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000d98c8373","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-47653","cveTitle":"Remote Desktop Client Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-47653","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-47653","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Remote Desktop Client","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Remote Desktop Client Remote Code Execution Vulnerability","articleType":"100000000","description":"

Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An attacker could exploit this vulnerability by persuading a user to connect to a malicious Remote Desktop Protocol (RDP) server using a vulnerable RDP client. The malicious server could send specially crafted responses that trigger memory corruption on the client system, potentially allowing arbitrary code execution in the context of the logged-on user. Successful exploitation requires user interaction to establish the RDP connection.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-47653","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"24c1e25b-d25b-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000b3710239","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-8863","cveTitle":"UEFI Secure Boot Security Feature Bypass Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.

\n","cweList":["CWE-1329 - Reliance on Component That is Not Updateable"],"cweDetailsListForSearch":["cwe: CWE-1329 - Reliance on Component That is Not Updateable","cweUrl: https://cwe.mitre.org/data/definitions/1329.html"],"unformattedDescription":"Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.","mitreText":"CVE-2026-8863","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8863","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows UEFI","issuingCna":"CERT/CC","issuingCnaId":100000002,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-1329 - Reliance on Component That is Not Updateable","https://cwe.mitre.org/data/definitions/1329.html"]}],"articles":[{"title":"Windows UEFI Security Feature Bypass Vulnerability","articleType":"100000000","description":"

No cwe for this issue in Windows UEFI allows an authorized attacker to bypass a security feature locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

\n

Successfully exploiting this vulnerability could bypass UEFI Secure Boot, a security feature designed to ensure that only trusted software runs when a device starts. This could allow an attacker with local administrator privileges or physical access to run untrusted code early in the boot process, before the operating system\u2019s protections are active.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-8863","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3530e955-d25b-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000017bd17e6","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-47648","cveTitle":"Windows Storage Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-426: Untrusted Search Path"],"cweDetailsListForSearch":["cwe: CWE-426: Untrusted Search Path","cweUrl: https://cwe.mitre.org/data/definitions/426.html"],"unformattedDescription":"Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-47648","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-47648","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Storage","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-426: Untrusted Search Path","https://cwe.mitre.org/data/definitions/426.html"]}],"articles":[{"title":"Windows Storage Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-47648","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1d30e955-d25b-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000889ed033","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45588","cveTitle":"Secure Boot Security Feature Bypass Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

\n","cweList":["CWE-693: Protection Mechanism Failure"],"cweDetailsListForSearch":["cwe: CWE-693: Protection Mechanism Failure","cweUrl: https://cwe.mitre.org/data/definitions/693.html"],"unformattedDescription":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","mitreText":"CVE-2026-45588","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45588","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Secure Boot","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"7.9","temporalScore":"6.9","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-693: Protection Mechanism Failure","https://cwe.mitre.org/data/definitions/693.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

\n","ordinal":10002},{"articleType":"FAQ","description":"

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

\n

An attacker who successfully exploited this vulnerability could bypass Secure Boot.

\n","ordinal":10000},{"title":"Windows Secure Boot Security Feature Bypass Vulnerability","articleType":"100000000","description":"

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45588","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f92fe955-d25b-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000a4a3342e","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-47641","cveTitle":"Microsoft SharePoint Server Spoofing Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","cweList":["CWE-20: Improper Input Validation"],"cweDetailsListForSearch":["cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-47641","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-47641","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"4.6","temporalScore":"4.0","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?

\n

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).

\n","ordinal":10000},{"title":"Microsoft Office SharePoint Spoofing Vulnerability","articleType":"100000000","description":"

Improper input validation in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?

\n

An authorized attacker must send the user a malicious link and convince the user to open it.

\n","ordinal":10000},{"articleType":"FAQ","description":"

I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?

\n

Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-47641","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7e90e3c8-d75a-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000079487043","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-47639","cveTitle":"Microsoft SharePoint Server Spoofing Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-47639","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-47639","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"5.4","temporalScore":"4.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]}],"articles":[{"title":"Microsoft Office SharePoint Spoofing Vulnerability","articleType":"100000000","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?

\n

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

The user would have to click on a specially crafted URL to be compromised by the attacker.

\n","ordinal":10000},{"articleType":"FAQ","description":"

I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?

\n

Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-47639","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"46f8a6b3-d55a-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000014bd17e6","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-47638","cveTitle":"Microsoft SharePoint Server Spoofing Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-47638","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-47638","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"4.6","temporalScore":"4.0","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]}],"articles":[{"title":"Microsoft Office SharePoint Spoofing Vulnerability","articleType":"100000000","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?

\n

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).

\n","ordinal":10000},{"articleType":"FAQ","description":"

I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?

\n

Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?

\n

An authorized attacker must send the user a malicious link and convince the user to open it.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-47638","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"611d5523-d55a-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00006bbae5e8","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-47637","cveTitle":"Microsoft SharePoint Server Spoofing Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-47637","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-47637","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"4.6","temporalScore":"4.0","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]}],"articles":[{"articleType":"FAQ","description":"

I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?

\n

Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?

\n

An authorized attacker must send the user a malicious link and convince the user to open it.

\n","ordinal":10000},{"title":"Microsoft Office SharePoint Spoofing Vulnerability","articleType":"100000000","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?

\n

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-47637","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a4ad64f4-d45a-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000062f8d8b","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-47636","cveTitle":"Microsoft SharePoint Server Spoofing Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-47636","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-47636","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"5.4","temporalScore":"4.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

The user would have to click on a specially crafted URL to be compromised by the attacker.

\n","ordinal":10000},{"articleType":"FAQ","description":"

I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?

\n

Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.

\n","ordinal":10000},{"title":"Microsoft Office SharePoint Spoofing Vulnerability","articleType":"100000000","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?

\n

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-47636","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2ab832a2-d45a-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000035d196a3","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-47635","cveTitle":"Microsoft Outlook and Word Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-47635","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-47635","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.4","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Microsoft Office Remote Code Execution Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

Yes, the Preview Pane is an attack vector.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is Microsoft Word listed in the Security Updates table but the title indicates that Outlook is affected?

\n

This vulnerability can be exploited when rendering email in Outlook (classic). The rendering of email in Outlook (classic) uses Microsoft Word functionality. The vulnerability is in the Word functionality and is exploitable through Outlook (classic).

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-47635","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ce31dc00-c35a-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000daadebf6","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-41098","cveTitle":"Azure Stack Edge Spoofing Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network.

\n","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-41098","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41098","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Azure Stack Edge","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"8.4","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]}],"articles":[{"title":"Azure Stack Edge Spoofing Vulnerability","articleType":"100000000","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

\n","ordinal":10002},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An attacker could exploit this vulnerability by uploading a crafted SSL/TLS certificate containing malicious JavaScript in its X.509 Subject or Issuer fields to the Azure Stack Edge Local UI certificate management interface. When an administrator views the certificate details, the script executes in their browser session, allowing the attacker to perform administrative actions and access sensitive configuration or cryptographic material within the Local UI.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-41098","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"41796eff-bb5a-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000a1a3342e","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-47631","cveTitle":"Microsoft Exchange Server Spoofing Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

\n","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-47631","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-47631","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Exchange Server","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"8.1","temporalScore":"7.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]}],"articles":[{"title":"Microsoft Exchange Server Spoofing Vulnerability","articleType":"100000000","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An attacker could attempt to exploit this vulnerability by convincing an Exchange administrator to open specially crafted content, such as a malicious link or message, which could allow the attacker to run code in the administrator\u2019s web session.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-47631","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"68ba127e-d859-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00001e9dbf07","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-47298","cveTitle":"Microsoft SharePoint Server Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-10T07:00:00-07:00","description":"

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

\n","cweList":["CWE-285: Improper Authorization"],"cweDetailsListForSearch":["cwe: CWE-285: Improper Authorization","cweUrl: https://cwe.mitre.org/data/definitions/285.html"],"unformattedDescription":"Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.","mitreText":"CVE-2026-47298","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-47298","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.0","temporalScore":"7.0","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-285: Improper Authorization","https://cwe.mitre.org/data/definitions/285.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?

\n

This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.

\n","ordinal":10000},{"title":"Microsoft Office SharePoint Remote Code Execution Vulnerability","articleType":"100000000","description":"

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

\n

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.

\n","ordinal":10000},{"articleType":"FAQ","description":"

I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?

\n

Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-47298","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"79f8a717-4859-f111-939e-000d3ac5fb71"},{"cveNumber":"CVE-2026-47298","version":1.1,"revisionDate":"2026-06-10T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Updated an acknowledgement. This is an informational change only.

\n","unformattedDescription":"Updated an acknowledgement. This is an informational change only.","notificationNeeded":false,"notificationSent":false,"sourceId":"1829da9b-0165-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000d264e9a1","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-32193","cveTitle":"Azure Kubernetes Service (AKS) Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally.

\n","cweList":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"cweDetailsListForSearch":["cwe: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","cweUrl: https://cwe.mitre.org/data/definitions/22.html"],"unformattedDescription":"Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally.","mitreText":"CVE-2026-32193","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32193","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Azure Kubernetes Service","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","https://cwe.mitre.org/data/definitions/22.html"]}],"articles":[{"title":"Microsoft Azure Kubernetes Service Remote Code Execution Vulnerability","articleType":"100000000","description":"

Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An attacker who can run an untrusted container configured with hostNetwork could send specially crafted requests to a host\u2011level service that was not intended for unauthenticated access. This could allow the attacker to break out of the container and gain control of the AKS worker node.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

\n","ordinal":10002},{"title":"Microsoft Azure Kubernetes Service Remote Code Execution Vulnerability","articleType":"100000000","description":"

Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally.

\n","ordinal":10000},{"title":"Microsoft Azure Kubernetes Service Remote Code Execution Vulnerability","articleType":"100000000","description":"

Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32193","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"15c0cb36-b723-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000cc1f619c","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-41092","cveTitle":"Microsoft Kinect Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"unformattedDescription":"Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-41092","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41092","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Kinect","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"title":"Microsoft Kinect Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-41092","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3cf20f03-2e4e-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00007ce1d237","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-47292","cveTitle":"Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.

\n","cweList":["CWE-829: Inclusion of Functionality from Untrusted Control Sphere","CWE-94: Improper Control of Generation of Code ('Code Injection')"],"cweDetailsListForSearch":["cwe: CWE-829: Inclusion of Functionality from Untrusted Control Sphere","cweUrl: https://cwe.mitre.org/data/definitions/829.html","cwe: CWE-94: Improper Control of Generation of Code ('Code Injection')","cweUrl: https://cwe.mitre.org/data/definitions/94.html"],"unformattedDescription":"Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.","mitreText":"CVE-2026-47292","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-47292","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Visual Studio Code","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-829: Inclusion of Functionality from Untrusted Control Sphere","https://cwe.mitre.org/data/definitions/829.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-94: Improper Control of Generation of Code ('Code Injection')","https://cwe.mitre.org/data/definitions/94.html"]}],"articles":[{"title":"Visual Studio Code Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

The user would have be enticed to open a malicious file in vscode. Users should never open anything that they do not know or trust to be safe.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-47292","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e416d4ba-1757-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000ab83dc4f","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-47291","cveTitle":"HTTP.sys Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.

\n","cweList":["CWE-190: Integer Overflow or Wraparound","CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-190: Integer Overflow or Wraparound","cweUrl: https://cwe.mitre.org/data/definitions/190.html","cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-47291","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-47291","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows HTTP.sys","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"9.8","temporalScore":"8.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-190: Integer Overflow or Wraparound","https://cwe.mitre.org/data/definitions/190.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets.

\n","ordinal":10000},{"articleType":"Mitigation","description":"

To help protect against this vulnerability prior to installing the June 2026 security updates for your operating system, you may need to modify the MaxRequestBytes registry value used by the Windows HTTP stack if it isn't set to the default value.

\n

Note

\n\n

Configure the registry setting using Registry Editor

\n
    \n

  1. Select Start, type regedit, and open Registry Editor.

    \n
    2. \n

  2. Navigate to the following registry key:

    \n

    HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\HTTP\\Parameters

    \n
    3. \n

  3. Locate the value MaxRequestBytes:

    \n
    4. \n
\n\n
    \n
  1. Double-click MaxRequestBytes and configure the value:
    2. \n
\n\n
    \n

  1. Select OK, and then close Registry Editor.

    \n
    2. \n

  2. Restart the HTTP service or restart the system

    \n
    net stop http /y\nnet start http\n
    \n
    3. \n
\n

Configure the registry setting using PowerShell

\n
    \n

  1. Open PowerShell as Administrator.

    \n
    2. \n

  2. Run the following command:

    \n
    $path = "HKLM:\\SYSTEM\\CurrentControlSet\\Services\\HTTP\\Parameters"\nNew-ItemProperty -Path $path -Name MaxRequestBytes -PropertyType DWORD -Value 16384 -Force\n
    \n\n
    3. \n

  3. Restart the HTTP service:

    \n
    net stop http /y\nnet start http\n
    \n
    4. \n
\n

Verify the registry setting

\n

Run the following command to confirm the configured value:

\n

reg query HKLM\\SYSTEM\\CurrentControlSet\\Services\\HTTP\\Parameters /v MaxRequestBytes

\n

How to revert the change (undo the mitigation)

\n

Restore the default value

\n
    \n

  1. Open Registry Editor.

    \n
    2. \n

  2. Navigate to:

    \n

    HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\HTTP\\Parameters

    \n
    3. \n

  3. Set MaxRequestBytes to:

    \n

    16384

    \n
    4. \n
\n

Or remove the registry value

\n\n

Apply the rollback

\n
    \n
  1. Double-click MaxRequestBytes and configure the value:
    2. \n
  2. Restart the HTTP service or restart the system.
    3. \n
\n","ordinal":10000},{"title":"Windows HTTP.sys Remote Code Execution Vulnerability","articleType":"100000000","description":"

Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-47291","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f02ef988-c956-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000084281865","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-47289","cveTitle":"Remote Desktop Client Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-47289","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-47289","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Remote Desktop Client","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An attacker could exploit this vulnerability by persuading a user to connect with the Remote Desktop client to a system that presents a specially crafted Remote Desktop Protocol (RDP) certificate. When the client processes the malformed certificate during the connection process, the attacker could run code on the user\u2019s device in the context of the Remote Desktop client, with the same privileges as the user running it.

\n","ordinal":10000},{"title":"Remote Desktop Client Remote Code Execution Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-47289","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"92735950-1556-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00001f9dbf07","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-47288","cveTitle":"Windows Kerberos Key Distribution Center (KDC) Remote Code Execution","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.

\n","cweList":["CWE-190: Integer Overflow or Wraparound"],"cweDetailsListForSearch":["cwe: CWE-190: Integer Overflow or Wraparound","cweUrl: https://cwe.mitre.org/data/definitions/190.html"],"unformattedDescription":"Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.","mitreText":"CVE-2026-47288","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-47288","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Kerberos","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.1","temporalScore":"6.2","vectorString":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-190: Integer Overflow or Wraparound","https://cwe.mitre.org/data/definitions/190.html"]}],"articles":[{"title":"Windows Kerberos Remote Code Execution Vulnerability","articleType":"100000000","description":"

Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An attacker who is already authenticated to the domain could send specially crafted authentication-related data to a domain controller, causing the affected Windows component to incorrectly handle memory. This could allow the attacker to disrupt the service or gain higher privileges on the domain controller without any user interaction.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-47288","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0adf083d-1556-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00004e3fc91f","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-47287","cveTitle":"Visual Studio Code Tampering Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network.

\n","cweList":["CWE-23: Relative Path Traversal"],"cweDetailsListForSearch":["cwe: CWE-23: Relative Path Traversal","cweUrl: https://cwe.mitre.org/data/definitions/23.html"],"unformattedDescription":"Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network.","mitreText":"CVE-2026-47287","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-47287","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Visual Studio Code","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000009,"impact":"Tampering","langCode":"en-US","baseScore":"6.5","temporalScore":"5.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-23: Relative Path Traversal","https://cwe.mitre.org/data/definitions/23.html"]}],"articles":[{"title":"Visual Studio Code Tampering Vulnerability","articleType":"100000000","description":"

Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

The user would have be enticed to open a malicious file in vscode. Users should never open anything that they do not know or trust to be safe.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-47287","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"39d01a44-0e56-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000afbae5e8","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45657","cveTitle":"Windows Kernel Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.

\n","cweList":["CWE-416: Use After Free","CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html","cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-45657","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45657","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Kernel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"9.8","temporalScore":"8.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Windows Kernel Remote Code Execution Vulnerability","articleType":"100000000","description":"

Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit the vulnerability?

\n

An attacker could exploit this vulnerability by sending specially crafted network traffic to a vulnerable Windows system. If successful, the malicious network packets could trigger a flaw in how the Windows kernel processes certain TCP/IP data, potentially allowing the attacker to run code with system-level privileges without needing to sign in or interact with a user.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45657","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e57322e8-3855-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00004a2f8d8b","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45656","cveTitle":"UEFI Secure Boot Security Feature Bypass Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.

\n","cweList":["CWE-693: Protection Mechanism Failure"],"cweDetailsListForSearch":["cwe: CWE-693: Protection Mechanism Failure","cweUrl: https://cwe.mitre.org/data/definitions/693.html"],"unformattedDescription":"Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.","mitreText":"CVE-2026-45656","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45656","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows UEFI","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-693: Protection Mechanism Failure","https://cwe.mitre.org/data/definitions/693.html"]}],"articles":[{"title":"Windows UEFI Security Feature Bypass Vulnerability","articleType":"100000000","description":"

Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

\n

Successfully exploiting this vulnerability could weaken Windows Secure Boot protections that help ensure only trusted boot components are loaded during system startup. This could allow the system to start in a less protected state, reducing the effectiveness of safeguards that maintain the integrity of the boot process.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45656","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b3bb10ca-2855-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000079d196a3","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45655","cveTitle":"Windows BitLocker Security Feature Bypass Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

\n","cweList":["CWE-693: Protection Mechanism Failure"],"cweDetailsListForSearch":["cwe: CWE-693: Protection Mechanism Failure","cweUrl: https://cwe.mitre.org/data/definitions/693.html"],"unformattedDescription":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","mitreText":"CVE-2026-45655","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45655","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows BitLocker","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"5.3","temporalScore":"4.6","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-693: Protection Mechanism Failure","https://cwe.mitre.org/data/definitions/693.html"]}],"articles":[{"title":"Windows BitLocker Security Feature Bypass Vulnerability","articleType":"100000000","description":"

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

\n","ordinal":10002},{"articleType":"FAQ","description":"

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

\n

A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45655","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b0b066b7-2855-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00008018dcd0","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45650","cveTitle":"Microsoft Bing Search Spoofing Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.

\n","cweList":["CWE-451: User Interface (UI) Misrepresentation of Critical Information"],"cweDetailsListForSearch":["cwe: CWE-451: User Interface (UI) Misrepresentation of Critical Information","cweUrl: https://cwe.mitre.org/data/definitions/451.html"],"unformattedDescription":"User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-45650","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45650","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Bing","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"4.3","temporalScore":"3.8","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-451: User Interface (UI) Misrepresentation of Critical Information","https://cwe.mitre.org/data/definitions/451.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?

\n

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).

\n","ordinal":10000},{"title":"Microsoft Bing Spoofing Vulnerability","articleType":"100000000","description":"

User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

The user would have to click on a specially crafted URL to be compromised by the attacker.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45650","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4d0c1708-9454-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000be487043","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45649","cveTitle":"Office for Android Spoofing Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.

\n","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"unformattedDescription":"Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.","mitreText":"CVE-2026-45649","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45649","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Office for Android","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"7.1","temporalScore":"6.2","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

An attacker must send a user a malicious Office file and convince them to open it.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000},{"title":"Office for Android Spoofing Vulnerability","articleType":"100000000","description":"

Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Word, PowerPoint and Excel for Android currently available?

\n

The security update for Microsoft Word for Android, Microsoft PowerPoint for Android and Microsoft Excel for Android are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45649","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4a404e6d-8a54-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000059bd17e6","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45648","cveTitle":"Windows Active Directory Domain Services Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.

\n","cweList":["CWE-121: Stack-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-121: Stack-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/121.html"],"unformattedDescription":"Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.","mitreText":"CVE-2026-45648","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45648","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Active Directory Domain Services","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-121: Stack-based Buffer Overflow","https://cwe.mitre.org/data/definitions/121.html"]}],"articles":[{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

A domain\u2011authenticated attacker with access to the NSPI RPC interface can provide crafted inputs that trigger an out\u2011of\u2011bounds write in the directory service process, leading to memory corruption/remote code execution.

\n","ordinal":10000},{"title":"Active Directory Domain Services Remote Code Execution Vulnerability","articleType":"100000000","description":"

Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

\n

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit the vulnerability?

\n

An attacker who successfully exploits this vulnerability could achieve remote code execution without user interaction.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45648","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"527138cc-8454-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00007ad196a3","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45645","cveTitle":"Microsoft Office Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-822: Untrusted Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-822: Untrusted Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/822.html"],"unformattedDescription":"Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-45645","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45645","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-822: Untrusted Pointer Dereference","https://cwe.mitre.org/data/definitions/822.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

An attacker must send a user a malicious Office file and convince them to open it.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?

\n

The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000},{"title":"Microsoft Office Remote Code Execution Vulnerability","articleType":"100000000","description":"

Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45645","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3e9d133f-d053-f111-939d-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00001c8d8373","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45643","cveTitle":"Microsoft Word Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-822: Untrusted Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-822: Untrusted Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/822.html"],"unformattedDescription":"Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-45643","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45643","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Word","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-822: Untrusted Pointer Dereference","https://cwe.mitre.org/data/definitions/822.html"]}],"articles":[{"title":"Microsoft Office Word Remote Code Execution Vulnerability","articleType":"100000000","description":"

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

An attacker must send a user a malicious Office file and convince them to open it.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?

\n

The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45643","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c37e96ac-cc53-f111-939d-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000b7012b16","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45642","cveTitle":"Microsoft Azure Attestation service and Device Health Attestation Service Spoofing Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.

\n","cweList":["CWE-20: Improper Input Validation"],"cweDetailsListForSearch":["cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html"],"unformattedDescription":"Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.","mitreText":"CVE-2026-45642","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45642","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Azure Attestation service and Device Health Attestation Service","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"3.9","temporalScore":"3.4","vectorString":"CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]}],"articles":[{"title":"Microsoft Azure Attestation service and Device Health Attestation Service Spoofing Vulnerability","articleType":"100000000","description":"

Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How do I protect myself from this vulnerability?

\n

Microsoft has already deployed a service-side fix for this vulnerability in Azure Attestation. No customer patching or update installation is required.

\n

To ensure you remain protected, follow the guidance below:

\n\n
EV_EFI_VARIABLE_AUTHORITY\nEV_EFI_BOOT_SERVICES_APPLICATION\n
\n

These events can no longer be considered trustworthy signals for attestation evaluation.

\n

Adjust existing policies if needed

\n\n

Continue monitoring via supported claims

\n\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45642","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ff2bbb52-c053-f111-939d-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00000e463e46","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45634","cveTitle":"Windows DHCP Client Information Disclosure Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.

\n","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"unformattedDescription":"Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-45634","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45634","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows DHCP Server","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"title":"Windows DHCP Server Information Disclosure Vulnerability","articleType":"100000000","description":"

Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

Successful exploitation could allow an attacker to read a limited amount of information from the affected system\u2019s memory. This information would be restricted in scope and is not expected to expose large amounts of sensitive data.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45634","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1973cdd0-be53-f111-939d-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000e6a3342e","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45641","cveTitle":"Windows Hyper-V Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')"],"cweDetailsListForSearch":["cwe: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')","cweUrl: https://cwe.mitre.org/data/definitions/843.html"],"unformattedDescription":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-45641","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45641","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Role: Windows Hyper-V","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.4","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')","https://cwe.mitre.org/data/definitions/843.html"]}],"articles":[{"title":"Windows Hyper-V Remote Code Execution Vulnerability","articleType":"100000000","description":"

Access of resource using incompatible type ('type confusion') in Windows Hyper-V allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

This vulnerability would require an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM which could result in remote code execution on the host server.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45641","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f272cdd0-be53-f111-939d-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000acbae5e8","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45607","cveTitle":"Windows Hyper-V Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"unformattedDescription":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-45607","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45607","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Hyper-V","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.4","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"title":"Windows Hyper-V Remote Code Execution Vulnerability","articleType":"100000000","description":"

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

This vulnerability would require an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM which could result in remote code execution on the host server.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45607","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dd72cdd0-be53-f111-939d-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000472f8d8b","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45606","cveTitle":"Microsoft UxTheme Library (uxtheme.dll) Denial of Service Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to deny service locally.

\n","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"unformattedDescription":"Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to deny service locally.","mitreText":"CVE-2026-45606","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45606","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft UxTheme Library (uxtheme.dll)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000001,"impact":"Denial of Service","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"title":"Microsoft UxTheme Library (uxtheme.dll) Denial of Service Vulnerability","articleType":"100000000","description":"

Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to deny service locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45606","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c672cdd0-be53-f111-939d-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00008118dcd0","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45640","cveTitle":"Windows Bluetooth Port Driver Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Windows Bluetooth Port Driver allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Bluetooth Port Driver allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-45640","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45640","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Bluetooth Port Driver","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Bluetooth Port Driver Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows Bluetooth Port Driver allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45640","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"daecc0ca-be53-f111-939d-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000b7487043","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45639","cveTitle":"Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

\n","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"unformattedDescription":"Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.","mitreText":"CVE-2026-45639","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45639","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows RDP","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

An attacker who successfully exploited this vulnerability could potentially read portions of process memory.

\n","ordinal":10000},{"title":"Windows RDP Information Disclosure Vulnerability","articleType":"100000000","description":"

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45639","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c4ecc0ca-be53-f111-939d-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000076d196a3","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45605","cveTitle":"Windows Bluetooth Service Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-45605","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45605","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Bluetooth Service","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Bluetooth Service Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain ELEVATED privileges, which may allow them to perform actions beyond their original permissions.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45605","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"acecc0ca-be53-f111-939d-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00001585ed7b","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45583","cveTitle":"Microsoft Exchange Server Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network.

\n","cweList":["CWE-94: Improper Control of Generation of Code ('Code Injection')"],"cweDetailsListForSearch":["cwe: CWE-94: Improper Control of Generation of Code ('Code Injection')","cweUrl: https://cwe.mitre.org/data/definitions/94.html"],"unformattedDescription":"Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-45583","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45583","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Exchange Server","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-94: Improper Control of Generation of Code ('Code Injection')","https://cwe.mitre.org/data/definitions/94.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does this mean for this vulnerability?

\n

Exploitation depends on an attacker being able to place themselves in a machine\u2011in\u2011the\u2011middle position on the network during use of the affected script. Because this requires specific network conditions that are not commonly present, the vulnerability is more difficult to exploit than issues that can be triggered directly.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An attacker who is able to intercept network traffic could interfere with the secure connection used by the Exchange migration script and inject malicious data. When the script is run during a hybrid migration, this could cause unintended commands to run on the on\u2011premises Exchange server with administrative permissions.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is there anything to be done in addition to installing the June 2026 security updates for my Exchange Server?

\n

Yes, Microsoft recommends that customers download and use the latest, fixed version of the Public Folder scripts. The versions of the Public Folder scripts included with Exchange Server are outdated and will be removed in a future update.\nCustomers can download the latest version of the Public Folder scripts here.

\n","ordinal":10000},{"title":"Microsoft Exchange Server Remote Code Execution Vulnerability","articleType":"100000000","description":"

Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45583","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c96a7539-fc52-f111-939d-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00004c27f793","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45504","cveTitle":"Microsoft Exchange Server Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

\n","cweList":["CWE-918: Server-Side Request Forgery (SSRF)"],"cweDetailsListForSearch":["cwe: CWE-918: Server-Side Request Forgery (SSRF)","cweUrl: https://cwe.mitre.org/data/definitions/918.html"],"unformattedDescription":"Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.","mitreText":"CVE-2026-45504","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45504","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Exchange Server","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-918: Server-Side Request Forgery (SSRF)","https://cwe.mitre.org/data/definitions/918.html"]}],"articles":[{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited the vulnerability?

\n

An attacker could gain elevated privileges beyond those normally available to them, allowing actions such as accessing restricted information or performing operations that are typically limited to more highly privileged users or administrators.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An attacker with a low-privilege user account and an assigned mailbox, could exploit weaknesses in how Exchange validates requests and identity tokens to impersonate another user. By doing so, the attacker could then access mailboxes through Exchange services as if they were that user.

\n","ordinal":10000},{"title":"Microsoft Exchange Server Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45504","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bfb97033-fc52-f111-939d-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00001d85ed7b","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45503","cveTitle":"Microsoft Exchange Server Information Disclosure Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

\n","cweList":["CWE-285: Improper Authorization"],"cweDetailsListForSearch":["cwe: CWE-285: Improper Authorization","cweUrl: https://cwe.mitre.org/data/definitions/285.html"],"unformattedDescription":"Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.","mitreText":"CVE-2026-45503","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45503","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Exchange Server","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"8.1","temporalScore":"7.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-285: Improper Authorization","https://cwe.mitre.org/data/definitions/285.html"]}],"articles":[{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An authenticated Outlook Web App user could exploit this issue by reusing a valid access token issued to their own mailbox to access attachments stored in another user\u2019s mailbox within the same Exchange organization, without authorization.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

An attacker could gain unauthorized access to email attachments stored in other users\u2019 mailboxes within the same organization, which may include documents, images, or other files attached to emails.

\n","ordinal":10000},{"title":"Microsoft Exchange Server Information Disclosure Vulnerability","articleType":"100000000","description":"

Improper authorization in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45503","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a4b97033-fc52-f111-939d-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000821046d9","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45502","cveTitle":"Microsoft Exchange Server Information Disclosure Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

\n","cweList":["CWE-918: Server-Side Request Forgery (SSRF)"],"cweDetailsListForSearch":["cwe: CWE-918: Server-Side Request Forgery (SSRF)","cweUrl: https://cwe.mitre.org/data/definitions/918.html"],"unformattedDescription":"Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.","mitreText":"CVE-2026-45502","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45502","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Exchange Server","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.0","temporalScore":"4.4","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-918: Server-Side Request Forgery (SSRF)","https://cwe.mitre.org/data/definitions/918.html"]}],"articles":[{"title":"Microsoft Exchange Server Information Disclosure Vulnerability","articleType":"100000000","description":"

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?

\n

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).

\n","ordinal":10000},{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

If successfully exploited, this vulnerability could allow an authenticated user to learn information about internal or external network services that the Exchange server can reach, such as whether a service exists and how it responds. In some cases, error details returned by the server may reveal network addresses, connection status, or limited response data from those services.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

In this case, the Exchange server could be used to interact with other internal systems or services that are outside the normal security boundary of Exchange, potentially exposing information about those separate systems.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45502","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8bb97033-fc52-f111-939d-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000536e3cc1","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45501","cveTitle":"Microsoft Exchange Server Spoofing Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

\n","cweList":["CWE-918: Server-Side Request Forgery (SSRF)"],"cweDetailsListForSearch":["cwe: CWE-918: Server-Side Request Forgery (SSRF)","cweUrl: https://cwe.mitre.org/data/definitions/918.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-45501","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45501","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Exchange Server","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"6.5","temporalScore":"5.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-918: Server-Side Request Forgery (SSRF)","https://cwe.mitre.org/data/definitions/918.html"]}],"articles":[{"title":"Microsoft Exchange Server Spoofing Vulnerability","articleType":"100000000","description":"

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to perform spoofing over a network.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45501","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"73b97033-fc52-f111-939d-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000b8f9941e","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45500","cveTitle":"Microsoft Exchange Server Spoofing Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

\n","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-45500","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45500","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Exchange Server","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"6.1","temporalScore":"5.3","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]}],"articles":[{"title":"Microsoft Exchange Server Spoofing Vulnerability","articleType":"100000000","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?

\n

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

\n","ordinal":10002},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

User interaction in the Exchange Control Panel (ECP) is required to exploit this vulnerability.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45500","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5db97033-fc52-f111-939d-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000cfb3601d","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45491","cveTitle":".NET Tampering Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally.

\n","cweList":["CWE-59: Improper Link Resolution Before File Access ('Link Following')"],"cweDetailsListForSearch":["cwe: CWE-59: Improper Link Resolution Before File Access ('Link Following')","cweUrl: https://cwe.mitre.org/data/definitions/59.html"],"unformattedDescription":"Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally.","mitreText":"CVE-2026-45491","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45491","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":".NET","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000009,"impact":"Tampering","langCode":"en-US","baseScore":"6.2","temporalScore":"5.4","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-59: Improper Link Resolution Before File Access ('Link Following')","https://cwe.mitre.org/data/definitions/59.html"]}],"articles":[{"title":".NET Tampering Vulnerability","articleType":"100000000","description":"

Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45491","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a1f72b7d-e64f-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00006a2808c0","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45490","cveTitle":".NET SDK Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper authorization in .NET allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-285: Improper Authorization"],"cweDetailsListForSearch":["cwe: CWE-285: Improper Authorization","cweUrl: https://cwe.mitre.org/data/definitions/285.html"],"unformattedDescription":"Improper authorization in .NET allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-45490","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45490","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":".NET","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-285: Improper Authorization","https://cwe.mitre.org/data/definitions/285.html"]}],"articles":[{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"title":".NET Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Improper authorization in .NET allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45490","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f0f9c870-e64f-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00002ef8734d","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45487","cveTitle":"Windows Program Compatibility Assistant Service Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition"],"cweDetailsListForSearch":["cwe: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition","cweUrl: https://cwe.mitre.org/data/definitions/367.html"],"unformattedDescription":"Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-45487","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45487","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Program Compatibility Assistant Service","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition","https://cwe.mitre.org/data/definitions/367.html"]}],"articles":[{"title":"Program Compatibility Assistant Service Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45487","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c77036e2-a24f-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000d36c1bf0","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45466","cveTitle":"Microsoft Word Information Disclosure Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally.","mitreText":"CVE-2026-45466","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45466","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Word","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"3.3","temporalScore":"2.9","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Microsoft Office Word Information Disclosure Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?

\n

The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?

\n

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

An attacker must send a user a malicious Office file and convince them to open it.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45466","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7938b585-424e-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000dab3601d","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45461","cveTitle":"Microsoft Office Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-45461","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45461","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.4","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?

\n

The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000},{"title":"Microsoft Office Remote Code Execution Vulnerability","articleType":"100000000","description":"

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

Yes, the Preview Pane is an attack vector.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office for Android currently available?

\n

The security update for Microsoft Office for Android is not immediately available. The update will be released as soon as possible. When it is available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45461","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f40a0fab-3d4e-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000752808c0","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45460","cveTitle":"Microsoft Office Information Disclosure Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

\n","cweList":["CWE-126: Buffer Over-read"],"cweDetailsListForSearch":["cwe: CWE-126: Buffer Over-read","cweUrl: https://cwe.mitre.org/data/definitions/126.html"],"unformattedDescription":"Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.","mitreText":"CVE-2026-45460","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45460","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"4.7","temporalScore":"4.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-126: Buffer Over-read","https://cwe.mitre.org/data/definitions/126.html"]}],"articles":[{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?

\n

The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000},{"title":"Microsoft Office Information Disclosure Vulnerability","articleType":"100000000","description":"

Buffer over-read in Microsoft Office allows an unauthorized attacker to disclose information locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

An attacker must send a user a malicious Office file and convince them to open it.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

Yes, the Preview Pane is an attack vector.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office for Android currently available?

\n

The security update for Microsoft Office for Android is not immediately available. The update will be released as soon as possible. When it is available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45460","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"67b47585-3d4e-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00004ecd43d5","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45458","cveTitle":"Microsoft Outlook and Word Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-45458","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45458","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.4","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?

\n

Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is Microsoft Word listed in the Security Updates table but the title indicates that Outlook is affected?

\n

This vulnerability can be exploited when rendering email in Outlook (classic). The rendering of email in Outlook (classic) uses Microsoft Word functionality. The vulnerability is in the Word functionality and is exploitable through Outlook (classic).

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?

\n

The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000},{"title":"Microsoft Office Remote Code Execution Vulnerability","articleType":"100000000","description":"

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

Yes, the Preview Pane is an attack vector.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45458","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b1c4fa16-3d4e-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000d46c1bf0","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45456","cveTitle":"Microsoft Outlook and Word Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')"],"cweDetailsListForSearch":["cwe: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')","cweUrl: https://cwe.mitre.org/data/definitions/843.html"],"unformattedDescription":"Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-45456","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45456","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.4","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')","https://cwe.mitre.org/data/definitions/843.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?

\n

Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is Microsoft Word listed in the Security Updates table but the title indicates that Outlook is affected?

\n

This vulnerability can be exploited when rendering email in Outlook (classic). The rendering of email in Outlook (classic) uses Microsoft Word functionality. The vulnerability is in the Word functionality and is exploitable through Outlook (classic).

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?

\n

The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000},{"title":"Microsoft Office Remote Code Execution Vulnerability","articleType":"100000000","description":"

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

Yes, the Preview Pane is an attack vector.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45456","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c0b4bbbb-3c4e-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000a5ca11d8","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45453","cveTitle":"Microsoft SharePoint Server Spoofing Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-45453","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45453","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"5.4","temporalScore":"4.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]}],"articles":[{"title":"Microsoft Office SharePoint Spoofing Vulnerability","articleType":"100000000","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

The user would have to click on a specially crafted URL to be compromised by the attacker.

\n","ordinal":10000},{"articleType":"FAQ","description":"

I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?

\n

Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?

\n

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45453","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"611a6e23-3c4e-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000e81afe28","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-44824","cveTitle":"Microsoft Office Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-44824","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-44824","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?

\n

Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?

\n

The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000},{"title":"Microsoft Office Remote Code Execution Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

An attacker must send a user a malicious Office file and convince them to open it.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-44824","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dc9b2e07-3c4e-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000abea69b6","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-44823","cveTitle":"Microsoft Excel Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-197: Numeric Truncation Error","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-197: Numeric Truncation Error","cweUrl: https://cwe.mitre.org/data/definitions/197.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-44823","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-44823","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Excel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-197: Numeric Truncation Error","https://cwe.mitre.org/data/definitions/197.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Microsoft Office Excel Remote Code Execution Vulnerability","articleType":"100000000","description":"

Numeric truncation error in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?

\n

The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

An attacker must send a user a malicious Office file and convince them to open it.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-44823","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4448c0e6-3b4e-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000e1d3b8fb","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-44821","cveTitle":"Microsoft Office Information Disclosure Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

\n","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"unformattedDescription":"Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.","mitreText":"CVE-2026-44821","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-44821","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"title":"Microsoft Office Information Disclosure Vulnerability","articleType":"100000000","description":"

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

An attacker must send a user a malicious Office file and convince them to open it.

\n","ordinal":10000},{"articleType":"FAQ","description":"

There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?

\n

Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?

\n

The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-44821","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6d80dca1-3b4e-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00007c48609e","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-44820","cveTitle":"Microsoft Excel Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"unformattedDescription":"Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-44820","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-44820","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Excel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"title":"Microsoft Office Excel Remote Code Execution Vulnerability","articleType":"100000000","description":"

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

An attacker must send a user a malicious Office file and convince them to open it.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?

\n

The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-44820","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4fa75f87-3a4e-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00000c2f7de6","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-44819","cveTitle":"Microsoft Office Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-44819","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-44819","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Microsoft Office Remote Code Execution Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000},{"articleType":"FAQ","description":"

There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?

\n

Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?

\n

The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

An attacker must send a user a malicious Office file and convince them to open it.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-44819","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"50466a64-3a4e-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000a7a32489","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-44818","cveTitle":"Microsoft Excel Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-44818","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-44818","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Excel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"title":"Microsoft Office Excel Remote Code Execution Vulnerability","articleType":"100000000","description":"

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?

\n

The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

An attacker must send a user a malicious Office file and convince them to open it.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-44818","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4ff8471d-3a4e-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00001abd0741","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-44817","cveTitle":"Microsoft Excel Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')"],"cweDetailsListForSearch":["cwe: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')","cweUrl: https://cwe.mitre.org/data/definitions/843.html"],"unformattedDescription":"Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-44817","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-44817","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Excel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')","https://cwe.mitre.org/data/definitions/843.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

An attacker must send a user a malicious Office file and convince them to open it.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?

\n

The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000},{"title":"Microsoft Office Excel Remote Code Execution Vulnerability","articleType":"100000000","description":"

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-44817","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"63d038b0-394e-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000cf309eb7","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-42902","cveTitle":"Microsoft PowerToys Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-285: Improper Authorization"],"cweDetailsListForSearch":["cwe: CWE-285: Improper Authorization","cweUrl: https://cwe.mitre.org/data/definitions/285.html"],"unformattedDescription":"Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-42902","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-42902","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft PowerToys","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-285: Improper Authorization","https://cwe.mitre.org/data/definitions/285.html"]}],"articles":[{"title":"Microsoft PowerToys Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-42902","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3f7fd233-834d-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000eab828c1","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-34335","cveTitle":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-34335","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34335","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Ancillary Function Driver for WinSock","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-34335","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2b4425a4-8e36-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000e6a9fd58","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-33828","cveTitle":"Windows Device Health Attestation (DHA) Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-501: Trust Boundary Violation"],"cweDetailsListForSearch":["cwe: CWE-501: Trust Boundary Violation","cweUrl: https://cwe.mitre.org/data/definitions/501.html"],"unformattedDescription":"Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-33828","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33828","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Azure Attestation service and Device Health Attestation Service","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-501: Trust Boundary Violation","https://cwe.mitre.org/data/definitions/501.html"]}],"articles":[{"title":"Windows Attestation Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33828","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3912195d-f231-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000aa566a35","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-40404","cveTitle":"Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","cweList":["CWE-122: Heap-based Buffer Overflow","CWE-197: Numeric Truncation Error"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html","cwe: CWE-197: Numeric Truncation Error","cweUrl: https://cwe.mitre.org/data/definitions/197.html"],"mitreText":"CVE-2026-40404","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40404","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Universal Disk Format File System Driver (UDFS)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-197: Numeric Truncation Error","https://cwe.mitre.org/data/definitions/197.html"]}],"articles":[{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"title":"Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Windows Universal Disk Format File System Driver (UDFS) allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"title":"Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Windows Universal Disk Format File System Driver (UDFS) allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"title":"Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Windows Universal Disk Format File System Driver (UDFS) allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"title":"Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Windows Universal Disk Format File System Driver (UDFS) allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"title":"Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Windows Universal Disk Format File System Driver (UDFS) allows an authorized attacker to elevate privileges over a network.

\n","ordinal":10000},{"title":"Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Windows Universal Disk Format File System Driver (UDFS) allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"title":"Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Windows Universal Disk Format File System Driver (UDFS) allows an authorized attacker to elevate privileges over a network.

\n","ordinal":10000},{"title":"Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Windows Universal Disk Format File System Driver (UDFS) allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40404","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d4f95c36-d33d-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000053599c32","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-40409","cveTitle":"Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","cweList":["CWE-197: Numeric Truncation Error"],"cweDetailsListForSearch":["cwe: CWE-197: Numeric Truncation Error","cweUrl: https://cwe.mitre.org/data/definitions/197.html"],"mitreText":"CVE-2026-40409","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40409","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Universal Disk Format File System Driver (UDFS)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-197: Numeric Truncation Error","https://cwe.mitre.org/data/definitions/197.html"]}],"articles":[{"title":"Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Numeric truncation error in Windows Universal Disk Format File System Driver (UDFS) allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"title":"Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Numeric truncation error in Windows Universal Disk Format File System Driver (UDFS) allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"title":"Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Numeric truncation error in Windows Universal Disk Format File System Driver (UDFS) allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"title":"Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Numeric truncation error in Windows Universal Disk Format File System Driver (UDFS) allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40409","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"51a2e53f-d43d-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00001f09d482","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2025-10263","cveTitle":"ARM: CVE-2025-10263 Completion of affected memory accesses might not be guaranteed by completion of a TLBI [kernel]","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

No cwe for this issue in Windows Kernel allows an unauthorized attacker to elevate privileges locally.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"No cwe for this issue in Windows Kernel allows an unauthorized attacker to elevate privileges locally.","mitreText":"CVE-2025-10263","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2025-10263","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Kernel","issuingCna":"Arm Limited","issuingCnaId":100000002,"severityId":100000000,"severity":"Critical","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"9.3","temporalScore":"8.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Arm Limited","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

\n

An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

\n","ordinal":10002},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000},{"articleType":"FAQ","description":"

How could an attacker exploit this vulnerability?

\n

An attacker could exploit this issue by triggering a specific timing condition during a memory permission change, causing a memory write to be applied using outdated permissions. Under these conditions, a write from a lower\u2011privileged context could succeed even after access should have been restricted.

\n","ordinal":10000},{"title":"Windows Kernel Elevation of Privilege Vulnerability","articleType":"100000000","description":"

No cwe for this issue in Windows Kernel allows an unauthorized attacker to elevate privileges locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2025-10263","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b3ff4c53-4422-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00009aca11d8","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45483","cveTitle":"Microsoft Office Project Server Spoofing Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network.

\n","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-45483","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45483","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Project","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"4.6","temporalScore":"4.0","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]}],"articles":[{"title":"Microsoft Office Project Server Spoofing Vulnerability","articleType":"100000000","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?

\n

An authorized attacker with guest privileges must send a victim a malicious site and convince them to open it.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?

\n

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45483","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4eabedad-414e-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000064e1c292","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45485","cveTitle":"Microsoft Office Information Disclosure Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

\n","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"unformattedDescription":"Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.","mitreText":"CVE-2026-45485","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45485","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"3.3","temporalScore":"2.9","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"articleType":"FAQ","description":"

What type of information could be disclosed by this vulnerability?

\n

An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?

\n

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000},{"articleType":"FAQ","description":"

There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?

\n

Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?

\n

The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000},{"title":"Microsoft Office Information Disclosure Vulnerability","articleType":"100000000","description":"

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45485","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3d0aeaa7-414e-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000c96c1bf0","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45486","cveTitle":"Microsoft Word Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-45486","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45486","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Word","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Microsoft Office Word Remote Code Execution Vulnerability","articleType":"100000000","description":"

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

An attacker must send a user a malicious Office file and convince them to open it.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?

\n

The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45486","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4e09eaa7-414e-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000b1589c32","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45479","cveTitle":"Microsoft SharePoint Server Spoofing Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-45479","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45479","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"4.6","temporalScore":"4.0","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]}],"articles":[{"title":"Microsoft Office SharePoint Spoofing Vulnerability","articleType":"100000000","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?

\n

An authorized attacker must send the user a malicious link and convince the user to open it.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?

\n

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).

\n","ordinal":10000},{"articleType":"FAQ","description":"

I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?

\n

Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45479","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8b09eea1-414e-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000008566a35","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45474","cveTitle":"Microsoft Office Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-45474","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45474","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.4","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?

\n

The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000},{"title":"Microsoft Office Remote Code Execution Vulnerability","articleType":"100000000","description":"

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

Yes, the Preview Pane is an attack vector.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office for Android currently available?

\n

The security update for Microsoft Office for Android is not immediately available. The update will be released as soon as possible. When it is available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45474","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2f16f59b-414e-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000d9b3601d","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45471","cveTitle":"Microsoft Word Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-822: Untrusted Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-822: Untrusted Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/822.html"],"unformattedDescription":"Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-45471","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45471","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Word","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-822: Untrusted Pointer Dereference","https://cwe.mitre.org/data/definitions/822.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

An attacker must send a user a malicious Office file and convince them to open it.

\n","ordinal":10000},{"articleType":"FAQ","description":"

There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?

\n

Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?

\n

The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000},{"title":"Microsoft Office Word Remote Code Execution Vulnerability","articleType":"100000000","description":"

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45471","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6182f495-414e-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00003e3fb97a","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45472","cveTitle":"Microsoft Office Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-45472","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45472","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.4","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

Yes, the Preview Pane is an attack vector.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?

\n

The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000},{"title":"Microsoft Office Remote Code Execution Vulnerability","articleType":"100000000","description":"

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office for Android currently available?

\n

The security update for Microsoft Office for Android is not immediately available. The update will be released as soon as possible. When it is available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45472","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3982f495-414e-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00006de1c292","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45475","cveTitle":"Microsoft Office Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-45475","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45475","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

An attacker must send a user a malicious Office file and convince them to open it.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000},{"articleType":"FAQ","description":"

There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?

\n

Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?

\n

The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000},{"title":"Microsoft Office Remote Code Execution Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45475","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"df81f495-414e-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000b2589c32","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45469","cveTitle":"Microsoft Excel Remote Code Execution Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

\n","cweList":["CWE-191: Integer Underflow (Wrap or Wraparound)","CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-191: Integer Underflow (Wrap or Wraparound)","cweUrl: https://cwe.mitre.org/data/definitions/191.html","cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-45469","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45469","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Excel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-191: Integer Underflow (Wrap or Wraparound)","https://cwe.mitre.org/data/definitions/191.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Microsoft Office Excel Remote Code Execution Vulnerability","articleType":"100000000","description":"

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

\n

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

\n

An attacker must send a user a malicious Office file and convince them to open it.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Is the Preview Pane an attack vector for this vulnerability?

\n

No, the Preview Pane is not an attack vector.

\n","ordinal":10000},{"articleType":"FAQ","description":"

Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available?

\n

The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

\n","ordinal":10000},{"title":"Microsoft Office Excel Remote Code Execution Vulnerability","articleType":"100000000","description":"

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45469","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"954cfb8f-414e-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00004dcd43d5","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45468","cveTitle":"Microsoft SharePoint Server Spoofing Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-45468","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45468","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"4.6","temporalScore":"4.0","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?

\n

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).

\n","ordinal":10000},{"articleType":"FAQ","description":"

I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?

\n

Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.

\n","ordinal":10000},{"title":"Microsoft Office SharePoint Spoofing Vulnerability","articleType":"100000000","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?

\n

An authorized attacker must send the user a malicious link and convince the user to open it.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45468","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"754cfb8f-414e-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000038f8734d","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-45467","cveTitle":"Microsoft SharePoint Server Spoofing Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-45467","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-45467","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"4.6","temporalScore":"4.0","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]}],"articles":[{"articleType":"FAQ","description":"

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?

\n

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).

\n","ordinal":10000},{"title":"Microsoft Office SharePoint Spoofing Vulnerability","articleType":"100000000","description":"

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?

\n

An authorized attacker must send the user a malicious link and convince the user to open it.

\n","ordinal":10000},{"articleType":"FAQ","description":"

I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?

\n

Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-45467","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3d4cfb8f-414e-f111-8ce4-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000287f7855","releaseDate":"2026-06-09T07:00:00-07:00","cveNumber":"CVE-2026-41108","cveTitle":"Windows DNS Client Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T07:00:00-07:00","description":"

Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally.

\n","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-41108","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41108","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Windows DNS","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Microsoft Windows DNS Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"title":"Microsoft Windows DNS Elevation of Privilege Vulnerability","articleType":"100000000","description":"

Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally.

\n","ordinal":10000},{"articleType":"FAQ","description":"

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

\n

Successful exploitation of this vulnerability requires an attacker to win a race condition.

\n","ordinal":10000},{"articleType":"FAQ","description":"

What privileges could be gained by an attacker who successfully exploited this vulnerability?

\n

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-41108","version":1,"revisionDate":"2026-06-09T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"34a5168c-6d43-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000644ea5d5","releaseDate":"2026-06-09T01:02:38-07:00","cveNumber":"CVE-2026-50263","cveTitle":"Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free information disclosure in createsaverwindow()","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-11T01:40:37-07:00","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"mitreText":"CVE-2026-50263","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-50263","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"5.5","temporalScore":"5.5","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","vectorStringSource":"redhat","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-50263","version":1,"revisionDate":"2026-06-09T01:02:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d51699e7-9e63-f111-939e-000d3ac5fb71"},{"cveNumber":"CVE-2026-50263","version":2,"revisionDate":"2026-06-11T01:40:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"79c3b28c-3665-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00006e95ea02","releaseDate":"2026-06-09T01:02:33-07:00","cveNumber":"CVE-2026-50258","cveTitle":"Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb key types due to unchecked shift levels","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-11T01:40:30-07:00","cweList":["CWE-121: Stack-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-121: Stack-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/121.html"],"mitreText":"CVE-2026-50258","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-50258","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.8","temporalScore":"7.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"redhat","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-121: Stack-based Buffer Overflow","https://cwe.mitre.org/data/definitions/121.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-50258","version":1,"revisionDate":"2026-06-09T01:02:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a7fa52e1-9e63-f111-939e-000d3ac5fb71"},{"cveNumber":"CVE-2026-50258","version":2,"revisionDate":"2026-06-11T01:40:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fb58b386-3665-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d3204360","releaseDate":"2026-06-09T01:02:27-07:00","cveNumber":"CVE-2026-50257","cveTitle":"Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in misyncdestroyfence()","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-11T01:40:22-07:00","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"mitreText":"CVE-2026-50257","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-50257","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.8","temporalScore":"7.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"redhat","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-50257","version":1,"revisionDate":"2026-06-09T01:02:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a1fa52e1-9e63-f111-939e-000d3ac5fb71"},{"cveNumber":"CVE-2026-50257","version":2,"revisionDate":"2026-06-11T01:40:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fb1b237e-3665-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000090a92a5","releaseDate":"2026-06-09T01:02:22-07:00","cveNumber":"CVE-2026-50259","cveTitle":"Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb setmap request via mapwidths indexing","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-11T01:40:15-07:00","cweList":["CWE-121: Stack-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-121: Stack-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/121.html"],"mitreText":"CVE-2026-50259","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-50259","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.8","temporalScore":"7.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"redhat","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-121: Stack-based Buffer Overflow","https://cwe.mitre.org/data/definitions/121.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-50259","version":1,"revisionDate":"2026-06-09T01:02:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"168665de-9e63-f111-93fb-000d3afbc7d7"},{"cveNumber":"CVE-2026-50259","version":2,"revisionDate":"2026-06-11T01:40:15-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"14a6bd79-3665-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000093f0aeed","releaseDate":"2026-06-09T01:02:16-07:00","cveNumber":"CVE-2026-50260","cveTitle":"Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in freecounter()","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-11T01:40:08-07:00","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"mitreText":"CVE-2026-50260","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-50260","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.8","temporalScore":"7.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"redhat","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-50260","version":1,"revisionDate":"2026-06-09T01:02:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9c2e22d7-9e63-f111-93fb-000d3afbc7d7"},{"cveNumber":"CVE-2026-50260","version":2,"revisionDate":"2026-06-11T01:40:08-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"06a6bd79-3665-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000c9d9fd32","releaseDate":"2026-06-09T01:02:10-07:00","cveNumber":"CVE-2026-50262","cveTitle":"Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-11T01:40:00-07:00","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"mitreText":"CVE-2026-50262","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-50262","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"5.5","temporalScore":"5.5","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","vectorStringSource":"redhat","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-50262","version":1,"revisionDate":"2026-06-09T01:02:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1e3cbad3-9e63-f111-939e-000d3ac5fb71"},{"cveNumber":"CVE-2026-50262","version":2,"revisionDate":"2026-06-11T01:40:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"09228d73-3665-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000038ac9bbd","releaseDate":"2026-06-09T01:02:04-07:00","cveNumber":"CVE-2026-50256","cveTitle":"Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libxfont2 name length mismatch","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-11T01:39:53-07:00","cweList":["CWE-121: Stack-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-121: Stack-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/121.html"],"mitreText":"CVE-2026-50256","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-50256","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.8","temporalScore":"7.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"redhat","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-121: Stack-based Buffer Overflow","https://cwe.mitre.org/data/definitions/121.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-50256","version":2,"revisionDate":"2026-06-11T01:39:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"971aa26d-3665-f111-939e-000d3ac5fb71"},{"cveNumber":"CVE-2026-50256","version":1,"revisionDate":"2026-06-09T01:02:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dd69bed0-9e63-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00002e655690","releaseDate":"2026-06-09T01:01:59-07:00","cveNumber":"CVE-2026-50261","cveTitle":"Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter()","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-11T01:39:45-07:00","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"mitreText":"CVE-2026-50261","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-50261","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.8","temporalScore":"7.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"redhat","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-50261","version":1,"revisionDate":"2026-06-09T01:01:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"66780ccd-9e63-f111-939e-000d3ac5fb71"},{"cveNumber":"CVE-2026-50261","version":2,"revisionDate":"2026-06-11T01:39:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"951aa26d-3665-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000912d53d0","releaseDate":"2026-06-09T01:01:53-07:00","cveNumber":"CVE-2026-10879","cveTitle":"DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-11T01:39:38-07:00","cweList":["CWE-787: Out-of-bounds Write"],"cweDetailsListForSearch":["cwe: CWE-787: Out-of-bounds Write","cweUrl: https://cwe.mitre.org/data/definitions/787.html"],"mitreText":"CVE-2026-10879","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10879","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"CPANSec","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"9.8","temporalScore":"9.8","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"NVD","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-787: Out-of-bounds Write","https://cwe.mitre.org/data/definitions/787.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-10879","version":1,"revisionDate":"2026-06-09T01:01:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"93dea4ca-9e63-f111-93fb-000d3afbc7d7"},{"cveNumber":"CVE-2026-10879","version":2,"revisionDate":"2026-06-11T01:39:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dfbe3f67-3665-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00002060322a","releaseDate":"2026-06-09T01:01:30-07:00","cveNumber":"CVE-2026-49975","cveTitle":"Apache HTTP Server: mod_http2 denial of service","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-12T01:01:35-07:00","cweList":["CWE-789: Memory Allocation with Excessive Size Value"],"cweDetailsListForSearch":["cwe: CWE-789: Memory Allocation with Excessive Size Value","cweUrl: https://cwe.mitre.org/data/definitions/789.html"],"mitreText":"CVE-2026-49975","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-49975","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"apache","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-789: Memory Allocation with Excessive Size Value","https://cwe.mitre.org/data/definitions/789.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-49975","version":1,"revisionDate":"2026-06-09T01:01:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ff7a7bbf-9e63-f111-939e-000d3ac5fb71"},{"cveNumber":"CVE-2026-49975","version":3,"revisionDate":"2026-06-12T01:01:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"08b98940-fa65-f111-939e-000d3ac5fb71"},{"cveNumber":"CVE-2026-49975","version":2,"revisionDate":"2026-06-10T01:42:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"60f092af-6d64-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00002944a0c3","releaseDate":"2026-06-07T01:02:54-07:00","cveNumber":"CVE-2026-8829","cveTitle":"HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-11T01:44:37-07:00","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"mitreText":"CVE-2026-8829","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-8829","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"CPANSec","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","vectorStringSource":"NVD","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-8829","version":1,"revisionDate":"2026-06-07T01:02:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"955e7699-0c62-f111-939e-000d3ac5fb71"},{"cveNumber":"CVE-2026-8829","version":2,"revisionDate":"2026-06-08T14:40:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4eba3a00-4863-f111-939e-000d3ac5fb71"},{"cveNumber":"CVE-2026-8829","version":3,"revisionDate":"2026-06-11T01:44:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"033cbf19-3765-f111-939e-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00000975b1e7","releaseDate":"2026-06-07T01:02:47-07:00","cveNumber":"CVE-2026-43958","cveTitle":"Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-11T01:39:21-07:00","cweList":["CWE-121: Stack-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-121: Stack-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/121.html"],"mitreText":"CVE-2026-43958","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-43958","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.8","temporalScore":"7.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"redhat","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-121: Stack-based Buffer Overflow","https://cwe.mitre.org/data/definitions/121.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-43958","version":1,"revisionDate":"2026-06-07T01:02:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8f5e7699-0c62-f111-939e-000d3ac5fb71"},{"cveNumber":"CVE-2026-43958","version":3,"revisionDate":"2026-06-09T01:46:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1e1c1800-a563-f111-939e-000d3ac5fb71"},{"cveNumber":"CVE-2026-43958","version":2,"revisionDate":"2026-06-08T14:40:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"91c549fe-4763-f111-93fb-000d3afbc7d7"},{"cveNumber":"CVE-2026-43958","version":4,"revisionDate":"2026-06-11T01:39:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"be80a359-3665-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00006f61d5c2","releaseDate":"2026-06-07T01:02:38-07:00","cveNumber":"CVE-2026-5419","cveTitle":"Guntls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removal","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-11T01:44:30-07:00","cweList":["CWE-208: Observable Timing Discrepancy"],"cweDetailsListForSearch":["cwe: CWE-208: Observable Timing Discrepancy","cweUrl: https://cwe.mitre.org/data/definitions/208.html"],"mitreText":"CVE-2026-5419","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5419","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"3.7","temporalScore":"3.7","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","vectorStringSource":"redhat","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-208: Observable Timing Discrepancy","https://cwe.mitre.org/data/definitions/208.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-5419","version":1,"revisionDate":"2026-06-07T01:02:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9bed3f93-0c62-f111-939e-000d3ac5fb71"},{"cveNumber":"CVE-2026-5419","version":2,"revisionDate":"2026-06-08T14:40:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3b7a45f8-4763-f111-93fb-000d3afbc7d7"},{"cveNumber":"CVE-2026-5419","version":3,"revisionDate":"2026-06-11T01:44:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d7afc414-3765-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000054d8122a","releaseDate":"2026-06-07T01:01:21-07:00","cveNumber":"CVE-2026-11332","cveTitle":"Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-11T01:44:24-07:00","cweList":["CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')"],"cweDetailsListForSearch":["cwe: CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')","cweUrl: https://cwe.mitre.org/data/definitions/88.html"],"mitreText":"CVE-2026-11332","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11332","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"redhat","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.8","temporalScore":"7.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","vectorStringSource":"redhat","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')","https://cwe.mitre.org/data/definitions/88.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-11332","version":1,"revisionDate":"2026-06-07T01:01:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"721a1b63-0c62-f111-939e-000d3ac5fb71"},{"cveNumber":"CVE-2026-11332","version":2,"revisionDate":"2026-06-08T14:39:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f18b6de2-4763-f111-93fb-000d3afbc7d7"},{"cveNumber":"CVE-2026-11332","version":3,"revisionDate":"2026-06-11T01:44:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"32dc0c0e-3765-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000c8d9fd32","releaseDate":"2026-06-06T01:01:22-07:00","cveNumber":"CVE-2026-50292","cveTitle":"In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-09T01:45:39-07:00","cweList":["CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')"],"cweDetailsListForSearch":["cwe: CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')","cweUrl: https://cwe.mitre.org/data/definitions/93.html"],"mitreText":"CVE-2026-50292","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-50292","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"mitre","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.4","temporalScore":"7.4","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"mitre","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')","https://cwe.mitre.org/data/definitions/93.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-50292","version":2,"revisionDate":"2026-06-09T01:45:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"51e688eb-a463-f111-939e-000d3ac5fb71"},{"cveNumber":"CVE-2026-50292","version":1,"revisionDate":"2026-06-06T01:01:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0ecbe73a-4361-f111-93fb-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00009d34e840","releaseDate":"2026-06-05T07:00:59-07:00","cveNumber":"CVE-2026-11092","cveTitle":"Chromium: CVE-2026-11092 Insufficient policy enforcement in DevTools","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:59-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11092","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11092","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11092","version":1,"revisionDate":"2026-06-05T07:00:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7550d682-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00004c371a3e","releaseDate":"2026-06-05T07:00:59-07:00","cveNumber":"CVE-2026-11039","cveTitle":"Chromium: CVE-2026-11039 Uninitialized Use in Skia","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:59-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11039","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11039","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11039","version":1,"revisionDate":"2026-06-05T07:00:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"924d835e-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00006483b3c0","releaseDate":"2026-06-05T07:00:59-07:00","cveNumber":"CVE-2026-10986","cveTitle":"Chromium: CVE-2026-10986 Integer overflow in Media","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:59-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10986","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10986","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10986","version":1,"revisionDate":"2026-06-05T07:00:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"b620673a-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000010b014af","releaseDate":"2026-06-05T07:00:59-07:00","cveNumber":"CVE-2026-11255","cveTitle":"Chromium: CVE-2026-11255 Insufficient validation of untrusted input in Storage Access API","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:59-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11255","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11255","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11255","version":1,"revisionDate":"2026-06-05T07:00:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"0bc302e9-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00004b2f8446","releaseDate":"2026-06-05T07:00:59-07:00","cveNumber":"CVE-2026-11199","cveTitle":"Chromium: CVE-2026-11199 Insufficient validation of untrusted input in WebRTC","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:59-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11199","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11199","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11199","version":1,"revisionDate":"2026-06-05T07:00:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"6692dcca-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d6ce5b61","releaseDate":"2026-06-05T07:00:59-07:00","cveNumber":"CVE-2026-11147","cveTitle":"Chromium: CVE-2026-11147 Use after free in WebML","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:59-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11147","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11147","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11147","version":1,"revisionDate":"2026-06-05T07:00:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"4b2de4a6-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000e6a32be9","releaseDate":"2026-06-05T07:00:58-07:00","cveNumber":"CVE-2026-11198","cveTitle":"Chromium: CVE-2026-11198 Insufficient validation of untrusted input in Codecs","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:58-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11198","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11198","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11198","version":1,"revisionDate":"2026-06-05T07:00:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"ef30e4c4-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000071430304","releaseDate":"2026-06-05T07:00:58-07:00","cveNumber":"CVE-2026-11146","cveTitle":"Chromium: CVE-2026-11146 Insufficient validation of untrusted input in Chromoting","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:58-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11146","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11146","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11146","version":1,"revisionDate":"2026-06-05T07:00:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"e91cdba0-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00006e92de28","releaseDate":"2026-06-05T07:00:58-07:00","cveNumber":"CVE-2026-11091","cveTitle":"Chromium: CVE-2026-11091 Inappropriate implementation in Dawn","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:58-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11091","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11091","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11091","version":1,"revisionDate":"2026-06-05T07:00:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"1540cd7c-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000fff75a63","releaseDate":"2026-06-05T07:00:58-07:00","cveNumber":"CVE-2026-10985","cveTitle":"Chromium: CVE-2026-10985 Out of bounds read in Skia","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:58-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10985","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10985","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10985","version":1,"revisionDate":"2026-06-05T07:00:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a720673a-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000753b6d0c","releaseDate":"2026-06-05T07:00:58-07:00","cveNumber":"CVE-2026-11254","cveTitle":"Chromium: CVE-2026-11254 Inappropriate implementation in Permissions","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:58-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11254","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11254","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11254","version":1,"revisionDate":"2026-06-05T07:00:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"edc202e9-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00005e1f5857","releaseDate":"2026-06-05T07:00:57-07:00","cveNumber":"CVE-2026-11309","cveTitle":"Chromium: CVE-2026-11309 Insufficient policy enforcement in History","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:57-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11309","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11309","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11309","version":1,"revisionDate":"2026-06-05T07:00:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"3e2c1a0d-8460-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000b26b017f","releaseDate":"2026-06-05T07:00:57-07:00","cveNumber":"CVE-2026-11253","cveTitle":"Chromium: CVE-2026-11253 Race in Permissions","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:57-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11253","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11253","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11253","version":1,"revisionDate":"2026-06-05T07:00:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"dec202e9-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d1ce5b61","releaseDate":"2026-06-05T07:00:57-07:00","cveNumber":"CVE-2026-11197","cveTitle":"Chromium: CVE-2026-11197 Insufficient policy enforcement in Workers","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:57-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11197","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11197","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11197","version":1,"revisionDate":"2026-06-05T07:00:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"df30e4c4-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000f993fff9","releaseDate":"2026-06-05T07:00:57-07:00","cveNumber":"CVE-2026-11308","cveTitle":"Chromium: CVE-2026-11308 Inappropriate implementation in Extensions","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:57-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11308","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11308","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11308","version":1,"revisionDate":"2026-06-05T07:00:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"2f2c1a0d-8460-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d31d3786","releaseDate":"2026-06-05T07:00:57-07:00","cveNumber":"CVE-2026-11090","cveTitle":"Chromium: CVE-2026-11090 Uninitialized Use in ANGLE","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:57-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11090","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11090","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11090","version":1,"revisionDate":"2026-06-05T07:00:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"0440cd7c-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000b1c2729b","releaseDate":"2026-06-05T07:00:57-07:00","cveNumber":"CVE-2026-11038","cveTitle":"Chromium: CVE-2026-11038 Insufficient validation of untrusted input in Subresource Integrity","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:57-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11038","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11038","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11038","version":1,"revisionDate":"2026-06-05T07:00:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7f4d835e-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00003ce1a9a8","releaseDate":"2026-06-05T07:00:57-07:00","cveNumber":"CVE-2026-10933","cveTitle":"Chromium: CVE-2026-10933 Use after free in Audio","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:57-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10933","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10933","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10933","version":1,"revisionDate":"2026-06-05T07:00:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"c2696016-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000066d28ee5","releaseDate":"2026-06-05T07:00:56-07:00","cveNumber":"CVE-2026-10881","cveTitle":"Chromium: CVE-2026-10881 Out of bounds read and write in ANGLE","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:56-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10881","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10881","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10881","version":1,"revisionDate":"2026-06-05T07:00:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"a13c63f2-8260-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000017f759dc","releaseDate":"2026-06-05T07:00:56-07:00","cveNumber":"CVE-2026-11252","cveTitle":"Chromium: CVE-2026-11252 Policy bypass in Content Settings","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:56-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11252","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11252","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11252","version":1,"revisionDate":"2026-06-05T07:00:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"cfc202e9-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000a72c5249","releaseDate":"2026-06-05T07:00:56-07:00","cveNumber":"CVE-2026-11144","cveTitle":"Chromium: CVE-2026-11144 Use after free in Media","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:56-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11144","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11144","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11144","version":1,"revisionDate":"2026-06-05T07:00:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"ca1cdba0-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00006c430304","releaseDate":"2026-06-05T07:00:56-07:00","cveNumber":"CVE-2026-11196","cveTitle":"Chromium: CVE-2026-11196 Type Confusion in XML","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:56-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11196","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11196","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11196","version":1,"revisionDate":"2026-06-05T07:00:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"d030e4c4-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000047371a3e","releaseDate":"2026-06-05T07:00:56-07:00","cveNumber":"CVE-2026-11089","cveTitle":"Chromium: CVE-2026-11089 Uninitialized Use in Media","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:56-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11089","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11089","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11089","version":1,"revisionDate":"2026-06-05T07:00:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"f53fcd7c-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d2d6f158","releaseDate":"2026-06-05T07:00:56-07:00","cveNumber":"CVE-2026-11037","cveTitle":"Chromium: CVE-2026-11037 Out of bounds write in Codecs","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:56-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11037","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11037","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11037","version":1,"revisionDate":"2026-06-05T07:00:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"53646258-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000035e1a9a8","releaseDate":"2026-06-05T07:00:56-07:00","cveNumber":"CVE-2026-10983","cveTitle":"Chromium: CVE-2026-10983 Insufficient validation of untrusted input in Dawn","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:56-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10983","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10983","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10983","version":1,"revisionDate":"2026-06-05T07:00:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"add46234-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d755514b","releaseDate":"2026-06-05T07:00:56-07:00","cveNumber":"CVE-2026-10932","cveTitle":"Chromium: CVE-2026-10932 Use after free in UI","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:56-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10932","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10932","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10932","version":1,"revisionDate":"2026-06-05T07:00:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7aa76510-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000042a1f9eb","releaseDate":"2026-06-05T07:00:55-07:00","cveNumber":"CVE-2026-11143","cveTitle":"Chromium: CVE-2026-11143 Heap buffer overflow in Extensions","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:55-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11143","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11143","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11143","version":1,"revisionDate":"2026-06-05T07:00:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"bb1cdba0-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00007c82b239","releaseDate":"2026-06-05T07:00:55-07:00","cveNumber":"CVE-2026-11251","cveTitle":"Chromium: CVE-2026-11251 Insufficient validation of untrusted input in Password Manager","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:55-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11251","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11251","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11251","version":1,"revisionDate":"2026-06-05T07:00:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"c0c202e9-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00005091cdfc","releaseDate":"2026-06-05T07:00:55-07:00","cveNumber":"CVE-2026-11307","cveTitle":"Chromium: CVE-2026-11307 Use after free in PDFium","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:55-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11307","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11307","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11307","version":1,"revisionDate":"2026-06-05T07:00:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"1e2c1a0d-8460-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000007b8aaa6","releaseDate":"2026-06-05T07:00:55-07:00","cveNumber":"CVE-2026-11195","cveTitle":"Chromium: CVE-2026-11195 Inappropriate implementation in MHTML","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:55-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11195","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11195","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11195","version":1,"revisionDate":"2026-06-05T07:00:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"c130e4c4-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000eb05759f","releaseDate":"2026-06-05T07:00:55-07:00","cveNumber":"CVE-2026-11306","cveTitle":"Chromium: CVE-2026-11306 Use after free in PDFium","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:55-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11306","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11306","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11306","version":1,"revisionDate":"2026-06-05T07:00:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"0f2c1a0d-8460-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000acc2729b","releaseDate":"2026-06-05T07:00:55-07:00","cveNumber":"CVE-2026-11088","cveTitle":"Chromium: CVE-2026-11088 Integer overflow in ANGLE","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:55-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11088","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11088","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11088","version":1,"revisionDate":"2026-06-05T07:00:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"e63fcd7c-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000037624ab6","releaseDate":"2026-06-05T07:00:55-07:00","cveNumber":"CVE-2026-11036","cveTitle":"Chromium: CVE-2026-11036 Inappropriate implementation in DOM","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:55-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11036","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11036","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11036","version":1,"revisionDate":"2026-06-05T07:00:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"41646258-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000072caf8ed","releaseDate":"2026-06-05T07:00:55-07:00","cveNumber":"CVE-2026-10931","cveTitle":"Chromium: CVE-2026-10931 Use after free in FileSystem","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:55-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10931","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10931","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10931","version":1,"revisionDate":"2026-06-05T07:00:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"6aa76510-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00000d3fa090","releaseDate":"2026-06-05T07:00:54-07:00","cveNumber":"CVE-2026-10930","cveTitle":"Chromium: CVE-2026-10930 Out of bounds read in ANGLE","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:54-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10930","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10930","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10930","version":1,"revisionDate":"2026-06-05T07:00:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"5ba76510-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000dd15a18e","releaseDate":"2026-06-05T07:00:54-07:00","cveNumber":"CVE-2026-11142","cveTitle":"Chromium: CVE-2026-11142 Policy bypass in Paint","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:54-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11142","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11142","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11142","version":1,"revisionDate":"2026-06-05T07:00:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"ac1cdba0-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000cdd6f158","releaseDate":"2026-06-05T07:00:54-07:00","cveNumber":"CVE-2026-11087","cveTitle":"Chromium: CVE-2026-11087 Uninitialized Use in ANGLE","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:54-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11087","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11087","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11087","version":1,"revisionDate":"2026-06-05T07:00:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"d73fcd7c-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d055514b","releaseDate":"2026-06-05T07:00:54-07:00","cveNumber":"CVE-2026-10982","cveTitle":"Chromium: CVE-2026-10982 Use after free in WebXR","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:54-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10982","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10982","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10982","version":1,"revisionDate":"2026-06-05T07:00:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"9ed46234-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000e10d0b97","releaseDate":"2026-06-05T07:00:53-07:00","cveNumber":"CVE-2026-11250","cveTitle":"Chromium: CVE-2026-11250 Inappropriate implementation in DevTools","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:53-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11250","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11250","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11250","version":1,"revisionDate":"2026-06-05T07:00:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"b1c202e9-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000a22c5249","releaseDate":"2026-06-05T07:00:53-07:00","cveNumber":"CVE-2026-11194","cveTitle":"Chromium: CVE-2026-11194 Inappropriate implementation in Network","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:53-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11194","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11194","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11194","version":1,"revisionDate":"2026-06-05T07:00:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"b230e4c4-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00001aa87eb7","releaseDate":"2026-06-05T07:00:53-07:00","cveNumber":"CVE-2026-11305","cveTitle":"Chromium: CVE-2026-11305 Use after free in PDFium","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:53-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11305","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11305","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11305","version":1,"revisionDate":"2026-06-05T07:00:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"002c1a0d-8460-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000032624ab6","releaseDate":"2026-06-05T07:00:53-07:00","cveNumber":"CVE-2026-11086","cveTitle":"Chromium: CVE-2026-11086 Insufficient validation of untrusted input in Dawn","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:53-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11086","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11086","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11086","version":1,"revisionDate":"2026-06-05T07:00:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"c53fcd7c-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00006bcaf8ed","releaseDate":"2026-06-05T07:00:53-07:00","cveNumber":"CVE-2026-10981","cveTitle":"Chromium: CVE-2026-10981 Insufficient validation of untrusted input in Codecs","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:53-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10981","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10981","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10981","version":1,"revisionDate":"2026-06-05T07:00:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"8fd46234-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00005527ee4e","releaseDate":"2026-06-05T07:00:52-07:00","cveNumber":"CVE-2026-11249","cveTitle":"Chromium: CVE-2026-11249 Use after free in Network","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:52-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11249","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11249","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11249","version":1,"revisionDate":"2026-06-05T07:00:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"9cc202e9-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000b51c265a","releaseDate":"2026-06-05T07:00:52-07:00","cveNumber":"CVE-2026-11304","cveTitle":"Chromium: CVE-2026-11304 Use after free in PDFium","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:52-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11304","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11304","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11304","version":1,"revisionDate":"2026-06-05T07:00:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"ef2b1a0d-8460-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000788a4831","releaseDate":"2026-06-05T07:00:52-07:00","cveNumber":"CVE-2026-11141","cveTitle":"Chromium: CVE-2026-11141 Uninitialized Use in Audio","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:52-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11141","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11141","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11141","version":1,"revisionDate":"2026-06-05T07:00:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"971cdba0-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000063fa090","releaseDate":"2026-06-05T07:00:52-07:00","cveNumber":"CVE-2026-10980","cveTitle":"Chromium: CVE-2026-10980 Insufficient validation of untrusted input in DevTools","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:52-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10980","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10980","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10980","version":1,"revisionDate":"2026-06-05T07:00:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7ed46234-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00003da1f9eb","releaseDate":"2026-06-05T07:00:52-07:00","cveNumber":"CVE-2026-11193","cveTitle":"Chromium: CVE-2026-11193 Insufficient policy enforcement in Password Manager","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:52-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11193","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11193","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11193","version":1,"revisionDate":"2026-06-05T07:00:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"9f30e4c4-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00003ea98fe3","releaseDate":"2026-06-05T07:00:52-07:00","cveNumber":"CVE-2026-11033","cveTitle":"Chromium: CVE-2026-11033 Uninitialized Use in WebML","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:52-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11033","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11033","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11033","version":1,"revisionDate":"2026-06-05T07:00:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"0e646258-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000349a647b","releaseDate":"2026-06-05T07:00:52-07:00","cveNumber":"CVE-2026-10928","cveTitle":"Chromium: CVE-2026-10928 Script injection in Headless","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:52-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10928","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10928","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10928","version":1,"revisionDate":"2026-06-05T07:00:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"37a76510-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000bab246ac","releaseDate":"2026-06-05T07:00:51-07:00","cveNumber":"CVE-2026-11248","cveTitle":"Chromium: CVE-2026-11248 Policy bypass in Google Lens","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:51-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11248","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11248","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11248","version":1,"revisionDate":"2026-06-05T07:00:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"8dc202e9-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000bc636b87","releaseDate":"2026-06-05T07:00:51-07:00","cveNumber":"CVE-2026-11303","cveTitle":"Chromium: CVE-2026-11303 Use after free in PDFium","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:51-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11303","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11303","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11303","version":1,"revisionDate":"2026-06-05T07:00:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"e02b1a0d-8460-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000013ffefd3","releaseDate":"2026-06-05T07:00:51-07:00","cveNumber":"CVE-2026-11140","cveTitle":"Chromium: CVE-2026-11140 Insufficient validation of untrusted input in Chromecast","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:51-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11140","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11140","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11140","version":1,"revisionDate":"2026-06-05T07:00:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"881cdba0-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000003c0409e","releaseDate":"2026-06-05T07:00:51-07:00","cveNumber":"CVE-2026-11085","cveTitle":"Chromium: CVE-2026-11085 Integer overflow in GPU","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:51-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11085","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11085","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11085","version":1,"revisionDate":"2026-06-05T07:00:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"b63fcd7c-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000a334e840","releaseDate":"2026-06-05T07:00:51-07:00","cveNumber":"CVE-2026-11032","cveTitle":"Chromium: CVE-2026-11032 Insufficient data validation in Password Manager","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:51-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11032","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11032","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11032","version":1,"revisionDate":"2026-06-05T07:00:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"ff636258-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00009625bdd8","releaseDate":"2026-06-05T07:00:51-07:00","cveNumber":"CVE-2026-10979","cveTitle":"Chromium: CVE-2026-10979 Out of bounds read in ANGLE","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:51-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10979","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10979","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10979","version":1,"revisionDate":"2026-06-05T07:00:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"6fd46234-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d815a18e","releaseDate":"2026-06-05T07:00:51-07:00","cveNumber":"CVE-2026-11192","cveTitle":"Chromium: CVE-2026-11192 Insufficient validation of untrusted input in Password Manager","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:51-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11192","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11192","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11192","version":1,"revisionDate":"2026-06-05T07:00:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"9030e4c4-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000cf0e0c1e","releaseDate":"2026-06-05T07:00:51-07:00","cveNumber":"CVE-2026-10927","cveTitle":"Chromium: CVE-2026-10927 Out of bounds read in Dawn","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:51-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10927","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10927","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10927","version":1,"revisionDate":"2026-06-05T07:00:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"28a76510-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000512f8446","releaseDate":"2026-06-05T07:00:50-07:00","cveNumber":"CVE-2026-11139","cveTitle":"Chromium: CVE-2026-11139 Policy bypass in Paint","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:50-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11139","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11139","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11139","version":1,"revisionDate":"2026-06-05T07:00:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"791cdba0-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00007492de28","releaseDate":"2026-06-05T07:00:50-07:00","cveNumber":"CVE-2026-11031","cveTitle":"Chromium: CVE-2026-11031 Insufficient validation of untrusted input in Password Manager","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:50-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11031","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11031","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11031","version":1,"revisionDate":"2026-06-05T07:00:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"f0636258-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00006a83b3c0","releaseDate":"2026-06-05T07:00:50-07:00","cveNumber":"CVE-2026-10926","cveTitle":"Chromium: CVE-2026-10926 Use after free in Cast","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:50-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10926","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10926","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10926","version":1,"revisionDate":"2026-06-05T07:00:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"19a76510-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000738a4831","releaseDate":"2026-06-05T07:00:50-07:00","cveNumber":"CVE-2026-11191","cveTitle":"Chromium: CVE-2026-11191 Out of bounds memory access in ANGLE","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:50-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11191","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11191","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11191","version":1,"revisionDate":"2026-06-05T07:00:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"8130e4c4-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000684b99fb","releaseDate":"2026-06-05T07:00:50-07:00","cveNumber":"CVE-2026-11084","cveTitle":"Chromium: CVE-2026-11084 Inappropriate implementation in Password Manager","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:50-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11084","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11084","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11084","version":1,"revisionDate":"2026-06-05T07:00:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"a73fcd7c-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000319a647b","releaseDate":"2026-06-05T07:00:50-07:00","cveNumber":"CVE-2026-10978","cveTitle":"Chromium: CVE-2026-10978 Use after free in Chromoting","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:50-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10978","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10978","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10978","version":1,"revisionDate":"2026-06-05T07:00:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"5fd46234-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000ac24bc51","releaseDate":"2026-06-05T07:00:49-07:00","cveNumber":"CVE-2026-11246","cveTitle":"Chromium: CVE-2026-11246 Insufficient validation of untrusted input in IndexedDB","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:49-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11246","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11246","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11246","version":1,"revisionDate":"2026-06-05T07:00:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"2fb2f9e2-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000eca32be9","releaseDate":"2026-06-05T07:00:49-07:00","cveNumber":"CVE-2026-11138","cveTitle":"Chromium: CVE-2026-11138 Uninitialized Use in ANGLE","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:49-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11138","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11138","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11138","version":1,"revisionDate":"2026-06-05T07:00:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"6a1cdba0-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000039a98fe3","releaseDate":"2026-06-05T07:00:49-07:00","cveNumber":"CVE-2026-11083","cveTitle":"Chromium: CVE-2026-11083 Inappropriate implementation in Password Manager","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:49-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11083","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11083","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11083","version":1,"revisionDate":"2026-06-05T07:00:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"983fcd7c-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000cc0e0c1e","releaseDate":"2026-06-05T07:00:49-07:00","cveNumber":"CVE-2026-10977","cveTitle":"Chromium: CVE-2026-10977 Uninitialized Use in Skia","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:49-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10977","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10977","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10977","version":1,"revisionDate":"2026-06-05T07:00:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"50d46234-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000005f85a63","releaseDate":"2026-06-05T07:00:49-07:00","cveNumber":"CVE-2026-10925","cveTitle":"Chromium: CVE-2026-10925 Out of bounds write in Skia","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:49-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10925","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10925","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10925","version":1,"revisionDate":"2026-06-05T07:00:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"0aa76510-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000011b014af","releaseDate":"2026-06-05T07:00:48-07:00","cveNumber":"CVE-2026-11245","cveTitle":"Chromium: CVE-2026-11245 Inappropriate implementation in Payments","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:48-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11245","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11245","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11245","version":1,"revisionDate":"2026-06-05T07:00:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"1db2f9e2-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d91d3786","releaseDate":"2026-06-05T07:00:48-07:00","cveNumber":"CVE-2026-11030","cveTitle":"Chromium: CVE-2026-11030 Use after free in Network","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:48-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11030","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11030","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11030","version":1,"revisionDate":"2026-06-05T07:00:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"de636258-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00000effefd3","releaseDate":"2026-06-05T07:00:48-07:00","cveNumber":"CVE-2026-11190","cveTitle":"Chromium: CVE-2026-11190 Insufficient policy enforcement in Extensions","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:48-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11190","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11190","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11190","version":1,"revisionDate":"2026-06-05T07:00:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"ec0be7be-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000867a1c42","releaseDate":"2026-06-05T07:00:48-07:00","cveNumber":"CVE-2026-11301","cveTitle":"Chromium: CVE-2026-11301 Out of bounds read in LiveCaption","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:48-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11301","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11301","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11301","version":1,"revisionDate":"2026-06-05T07:00:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"eea21a07-8460-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d7ce5b61","releaseDate":"2026-06-05T07:00:48-07:00","cveNumber":"CVE-2026-11137","cveTitle":"Chromium: CVE-2026-11137 Uninitialized Use in ANGLE","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:48-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11137","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11137","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11137","version":1,"revisionDate":"2026-06-05T07:00:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"91bce29a-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00006783b3c0","releaseDate":"2026-06-05T07:00:48-07:00","cveNumber":"CVE-2026-10976","cveTitle":"Chromium: CVE-2026-10976 Uninitialized Use in Dawn","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:48-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10976","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10976","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10976","version":1,"revisionDate":"2026-06-05T07:00:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"3fd46234-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00004c2f8446","releaseDate":"2026-06-05T07:00:47-07:00","cveNumber":"CVE-2026-11189","cveTitle":"Chromium: CVE-2026-11189 Insufficient validation of untrusted input in DevTools","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:47-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11189","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11189","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11189","version":1,"revisionDate":"2026-06-05T07:00:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"d90be7be-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000021efc3e4","releaseDate":"2026-06-05T07:00:47-07:00","cveNumber":"CVE-2026-11300","cveTitle":"Chromium: CVE-2026-11300 Inappropriate implementation in Permissions","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:47-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11300","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11300","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11300","version":1,"revisionDate":"2026-06-05T07:00:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"dda21a07-8460-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000763b6d0c","releaseDate":"2026-06-05T07:00:47-07:00","cveNumber":"CVE-2026-11244","cveTitle":"Chromium: CVE-2026-11244 Insufficient validation of untrusted input in WebAuthentication","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:47-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11244","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11244","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11244","version":1,"revisionDate":"2026-06-05T07:00:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"0bb2f9e2-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00006f92de28","releaseDate":"2026-06-05T07:00:47-07:00","cveNumber":"CVE-2026-11081","cveTitle":"Chromium: CVE-2026-11081 Policy bypass in Canvas","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:47-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11081","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11081","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11081","version":1,"revisionDate":"2026-06-05T07:00:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"f755cb76-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000002f85a63","releaseDate":"2026-06-05T07:00:47-07:00","cveNumber":"CVE-2026-10975","cveTitle":"Chromium: CVE-2026-10975 Use after free in WebRTC","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:47-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10975","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10975","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10975","version":1,"revisionDate":"2026-06-05T07:00:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"30d46234-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000a06c0206","releaseDate":"2026-06-05T07:00:47-07:00","cveNumber":"CVE-2026-10924","cveTitle":"Chromium: CVE-2026-10924 Integer overflow in Chromecast","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:47-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10924","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10924","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10924","version":1,"revisionDate":"2026-06-05T07:00:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"f5a66510-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000b36b017f","releaseDate":"2026-06-05T07:00:46-07:00","cveNumber":"CVE-2026-11243","cveTitle":"Chromium: CVE-2026-11243 Incorrect security UI in Downloads","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:46-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11243","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11243","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11243","version":1,"revisionDate":"2026-06-05T07:00:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"fcb1f9e2-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00005027ee4e","releaseDate":"2026-06-05T07:00:46-07:00","cveNumber":"CVE-2026-11299","cveTitle":"Chromium: CVE-2026-11299 Out of bounds read in Fonts","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:46-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11299","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11299","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11299","version":1,"revisionDate":"2026-06-05T07:00:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"cea21a07-8460-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000072430304","releaseDate":"2026-06-05T07:00:46-07:00","cveNumber":"CVE-2026-11136","cveTitle":"Chromium: CVE-2026-11136 Use after free in Canvas","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:46-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11136","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11136","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11136","version":1,"revisionDate":"2026-06-05T07:00:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"82bce29a-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000b2c2729b","releaseDate":"2026-06-05T07:00:46-07:00","cveNumber":"CVE-2026-11028","cveTitle":"Chromium: CVE-2026-11028 Use after free in Media","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:46-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11028","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11028","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11028","version":1,"revisionDate":"2026-06-05T07:00:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"937a6052-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00009d6c0206","releaseDate":"2026-06-05T07:00:46-07:00","cveNumber":"CVE-2026-10974","cveTitle":"Chromium: CVE-2026-10974 Insufficient validation of untrusted input in ANGLE","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:46-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10974","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10974","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10974","version":1,"revisionDate":"2026-06-05T07:00:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"419c522e-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d3d6f158","releaseDate":"2026-06-05T07:00:45-07:00","cveNumber":"CVE-2026-11027","cveTitle":"Chromium: CVE-2026-11027 Insufficient validation of untrusted input in Glic","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:45-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11027","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11027","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11027","version":1,"revisionDate":"2026-06-05T07:00:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"847a6052-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000018f759dc","releaseDate":"2026-06-05T07:00:45-07:00","cveNumber":"CVE-2026-11242","cveTitle":"Chromium: CVE-2026-11242 Insufficient validation of untrusted input in Plugins","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:45-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11242","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11242","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11242","version":1,"revisionDate":"2026-06-05T07:00:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"edb1f9e2-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d2ce5b61","releaseDate":"2026-06-05T07:00:45-07:00","cveNumber":"CVE-2026-11187","cveTitle":"Chromium: CVE-2026-11187 Insufficient policy enforcement in Glic","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:45-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11187","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11187","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11187","version":1,"revisionDate":"2026-06-05T07:00:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"ba0be7be-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00000db8aaa6","releaseDate":"2026-06-05T07:00:45-07:00","cveNumber":"CVE-2026-11135","cveTitle":"Chromium: CVE-2026-11135 Insufficient policy enforcement in Autofill","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:45-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11135","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11135","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11135","version":1,"revisionDate":"2026-06-05T07:00:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"73bce29a-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000048371a3e","releaseDate":"2026-06-05T07:00:45-07:00","cveNumber":"CVE-2026-11079","cveTitle":"Chromium: CVE-2026-11079 Insufficient validation of untrusted input in Codecs","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:45-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11079","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11079","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11079","version":1,"revisionDate":"2026-06-05T07:00:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"d955cb76-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000038e1a9a8","releaseDate":"2026-06-05T07:00:45-07:00","cveNumber":"CVE-2026-10973","cveTitle":"Chromium: CVE-2026-10973 Uninitialized Use in Dawn","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:45-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10973","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10973","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10973","version":1,"revisionDate":"2026-06-05T07:00:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"329c522e-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d655514b","releaseDate":"2026-06-05T07:00:45-07:00","cveNumber":"CVE-2026-10922","cveTitle":"Chromium: CVE-2026-10922 Insufficient validation of untrusted input in DevTools","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:45-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10922","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10922","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10922","version":1,"revisionDate":"2026-06-05T07:00:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"cce46a0a-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00007d82b239","releaseDate":"2026-06-05T07:00:44-07:00","cveNumber":"CVE-2026-11241","cveTitle":"Chromium: CVE-2026-11241 Insufficient validation of untrusted input in Cast","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:44-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11241","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11241","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11241","version":1,"revisionDate":"2026-06-05T07:00:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"deb1f9e2-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000043a1f9eb","releaseDate":"2026-06-05T07:00:44-07:00","cveNumber":"CVE-2026-11133","cveTitle":"Chromium: CVE-2026-11133 Insufficient policy enforcement in Paint","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:44-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11133","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11133","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11133","version":1,"revisionDate":"2026-06-05T07:00:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"53bce29a-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000a82c5249","releaseDate":"2026-06-05T07:00:44-07:00","cveNumber":"CVE-2026-11134","cveTitle":"Chromium: CVE-2026-11134 Insufficient data validation in Media","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:44-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11134","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11134","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11134","version":1,"revisionDate":"2026-06-05T07:00:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"62bce29a-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000038624ab6","releaseDate":"2026-06-05T07:00:44-07:00","cveNumber":"CVE-2026-11026","cveTitle":"Chromium: CVE-2026-11026 Insufficient policy enforcement in Extensions","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:44-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11026","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11026","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11026","version":1,"revisionDate":"2026-06-05T07:00:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"757a6052-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00006d430304","releaseDate":"2026-06-05T07:00:44-07:00","cveNumber":"CVE-2026-11186","cveTitle":"Chromium: CVE-2026-11186 Inappropriate implementation in CSS","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:44-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11186","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11186","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11186","version":1,"revisionDate":"2026-06-05T07:00:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"ab0be7be-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000adc2729b","releaseDate":"2026-06-05T07:00:44-07:00","cveNumber":"CVE-2026-11078","cveTitle":"Chromium: CVE-2026-11078 Insufficient validation of untrusted input in FileSystem","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:44-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11078","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11078","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11078","version":1,"revisionDate":"2026-06-05T07:00:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"ca55cb76-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d355514b","releaseDate":"2026-06-05T07:00:44-07:00","cveNumber":"CVE-2026-10972","cveTitle":"Chromium: CVE-2026-10972 Use after free in Ozone","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:44-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10972","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10972","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10972","version":1,"revisionDate":"2026-06-05T07:00:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"239c522e-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000071caf8ed","releaseDate":"2026-06-05T07:00:44-07:00","cveNumber":"CVE-2026-10921","cveTitle":"Chromium: CVE-2026-10921 Integer overflow in Dawn","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:44-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10921","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10921","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10921","version":1,"revisionDate":"2026-06-05T07:00:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"bde46a0a-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000e20d0b97","releaseDate":"2026-06-05T07:00:43-07:00","cveNumber":"CVE-2026-11240","cveTitle":"Chromium: CVE-2026-11240 Insufficient validation of untrusted input in Loader","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:43-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11240","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11240","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11240","version":1,"revisionDate":"2026-06-05T07:00:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"cbb1f9e2-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000008b8aaa6","releaseDate":"2026-06-05T07:00:43-07:00","cveNumber":"CVE-2026-11185","cveTitle":"Chromium: CVE-2026-11185 Use after free in V8","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:43-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11185","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11185","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11185","version":1,"revisionDate":"2026-06-05T07:00:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"980be7be-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000a724bc51","releaseDate":"2026-06-05T07:00:43-07:00","cveNumber":"CVE-2026-11296","cveTitle":"Chromium: CVE-2026-11296 Inappropriate implementation in ImageCapture","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:43-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11296","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11296","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11296","version":1,"revisionDate":"2026-06-05T07:00:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"a1a21a07-8460-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000009c0409e","releaseDate":"2026-06-05T07:00:43-07:00","cveNumber":"CVE-2026-11025","cveTitle":"Chromium: CVE-2026-11025 Insufficient policy enforcement in Navigation","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:43-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11025","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11025","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11025","version":1,"revisionDate":"2026-06-05T07:00:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"617a6052-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00000c3fa090","releaseDate":"2026-06-05T07:00:43-07:00","cveNumber":"CVE-2026-10920","cveTitle":"Chromium: CVE-2026-10920 Insufficient validation of untrusted input in WebShare","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:43-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10920","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10920","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10920","version":1,"revisionDate":"2026-06-05T07:00:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"abe46a0a-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000de15a18e","releaseDate":"2026-06-05T07:00:42-07:00","cveNumber":"CVE-2026-11132","cveTitle":"Chromium: CVE-2026-11132 Policy bypass in Paint","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:42-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11132","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11132","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11132","version":1,"revisionDate":"2026-06-05T07:00:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"40bce29a-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00005627ee4e","releaseDate":"2026-06-05T07:00:42-07:00","cveNumber":"CVE-2026-11239","cveTitle":"Chromium: CVE-2026-11239 Insufficient validation of untrusted input in Extensions","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:42-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11239","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11239","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11239","version":1,"revisionDate":"2026-06-05T07:00:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"bab1f9e2-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000a32c5249","releaseDate":"2026-06-05T07:00:42-07:00","cveNumber":"CVE-2026-11184","cveTitle":"Chromium: CVE-2026-11184 Insufficient policy enforcement in Actor","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:42-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11184","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11184","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11184","version":1,"revisionDate":"2026-06-05T07:00:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"890be7be-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00006e4b99fb","releaseDate":"2026-06-05T07:00:42-07:00","cveNumber":"CVE-2026-11024","cveTitle":"Chromium: CVE-2026-11024 Stack buffer overflow in Skia","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:42-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11024","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11024","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11024","version":1,"revisionDate":"2026-06-05T07:00:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"527a6052-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00006ecaf8ed","releaseDate":"2026-06-05T07:00:42-07:00","cveNumber":"CVE-2026-10971","cveTitle":"Chromium: CVE-2026-10971 Insufficient validation of untrusted input in Printing","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:42-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10971","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10971","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10971","version":1,"revisionDate":"2026-06-05T07:00:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"119c522e-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00009c25bdd8","releaseDate":"2026-06-05T07:00:42-07:00","cveNumber":"CVE-2026-10919","cveTitle":"Chromium: CVE-2026-10919 Use after free in ANGLE","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:42-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10919","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10919","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10919","version":1,"revisionDate":"2026-06-05T07:00:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"9be46a0a-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000713b6d0c","releaseDate":"2026-06-05T07:00:41-07:00","cveNumber":"CVE-2026-11294","cveTitle":"Chromium: CVE-2026-11294 Inappropriate implementation in Passwords","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:41-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11294","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11294","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11294","version":1,"revisionDate":"2026-06-05T07:00:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"81a21a07-8460-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000bbb246ac","releaseDate":"2026-06-05T07:00:41-07:00","cveNumber":"CVE-2026-11238","cveTitle":"Chromium: CVE-2026-11238 Inappropriate implementation in DevTools","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:41-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11238","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11238","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11238","version":1,"revisionDate":"2026-06-05T07:00:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"abb1f9e2-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000033624ab6","releaseDate":"2026-06-05T07:00:41-07:00","cveNumber":"CVE-2026-11076","cveTitle":"Chromium: CVE-2026-11076 Type Confusion in CSS","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:41-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11076","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11076","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11076","version":1,"revisionDate":"2026-06-05T07:00:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"aa55cb76-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000093fa090","releaseDate":"2026-06-05T07:00:41-07:00","cveNumber":"CVE-2026-10970","cveTitle":"Chromium: CVE-2026-10970 Insufficient validation of untrusted input in InterestGroups","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:41-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10970","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10970","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10970","version":1,"revisionDate":"2026-06-05T07:00:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"029c522e-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000379a647b","releaseDate":"2026-06-05T07:00:41-07:00","cveNumber":"CVE-2026-10918","cveTitle":"Chromium: CVE-2026-10918 Use after free in Viz","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:41-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10918","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10918","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10918","version":1,"revisionDate":"2026-06-05T07:00:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"8ce46a0a-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000ae6b017f","releaseDate":"2026-06-05T07:00:40-07:00","cveNumber":"CVE-2026-11293","cveTitle":"Chromium: CVE-2026-11293 Use after free in Input","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:40-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11293","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11293","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11293","version":1,"revisionDate":"2026-06-05T07:00:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"3f7e1d01-8460-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00003fa98fe3","releaseDate":"2026-06-05T07:00:40-07:00","cveNumber":"CVE-2026-11023","cveTitle":"Chromium: CVE-2026-11023 Insufficient validation of untrusted input in WebAppInstalls","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:40-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11023","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11023","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11023","version":1,"revisionDate":"2026-06-05T07:00:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"437a6052-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d20e0c1e","releaseDate":"2026-06-05T07:00:40-07:00","cveNumber":"CVE-2026-10917","cveTitle":"Chromium: CVE-2026-10917 Insufficient validation of untrusted input in Media","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:40-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10917","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10917","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10917","version":1,"revisionDate":"2026-06-05T07:00:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7ce46a0a-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000489963f4","releaseDate":"2026-06-05T07:00:40-07:00","cveNumber":"CVE-2026-11237","cveTitle":"Chromium: CVE-2026-11237 Insufficient validation of untrusted input in Media","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:40-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11237","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11237","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11237","version":1,"revisionDate":"2026-06-05T07:00:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"9bb1f9e2-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d915a18e","releaseDate":"2026-06-05T07:00:40-07:00","cveNumber":"CVE-2026-11182","cveTitle":"Chromium: CVE-2026-11182 Inappropriate implementation in SVG","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:40-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11182","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11182","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11182","version":1,"revisionDate":"2026-06-05T07:00:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"6b0be7be-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000014ffefd3","releaseDate":"2026-06-05T07:00:40-07:00","cveNumber":"CVE-2026-11130","cveTitle":"Chromium: CVE-2026-11130 Use after free in Media","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:40-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11130","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11130","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11130","version":1,"revisionDate":"2026-06-05T07:00:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"20bce29a-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000004c0409e","releaseDate":"2026-06-05T07:00:40-07:00","cveNumber":"CVE-2026-11075","cveTitle":"Chromium: CVE-2026-11075 Out of bounds read in V8","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:40-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11075","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11075","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11075","version":1,"revisionDate":"2026-06-05T07:00:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"9a55cb76-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00009525bdd8","releaseDate":"2026-06-05T07:00:40-07:00","cveNumber":"CVE-2026-10969","cveTitle":"Chromium: CVE-2026-10969 Insufficient validation of untrusted input in Extensions","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:40-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10969","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10969","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10969","version":1,"revisionDate":"2026-06-05T07:00:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"f39b522e-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000013f759dc","releaseDate":"2026-06-05T07:00:39-07:00","cveNumber":"CVE-2026-11292","cveTitle":"Chromium: CVE-2026-11292 Policy bypass in Blink","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:39-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11292","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11292","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11292","version":1,"revisionDate":"2026-06-05T07:00:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"307e1d01-8460-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000ad24bc51","releaseDate":"2026-06-05T07:00:39-07:00","cveNumber":"CVE-2026-11236","cveTitle":"Chromium: CVE-2026-11236 Insufficient policy enforcement in Web Bluetooth","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:39-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11236","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11236","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11236","version":1,"revisionDate":"2026-06-05T07:00:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"dc65f5dc-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000309a647b","releaseDate":"2026-06-05T07:00:39-07:00","cveNumber":"CVE-2026-10968","cveTitle":"Chromium: CVE-2026-10968 Insufficient validation of untrusted input in Dawn","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:39-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10968","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10968","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10968","version":1,"revisionDate":"2026-06-05T07:00:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"e49b522e-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000748a4831","releaseDate":"2026-06-05T07:00:39-07:00","cveNumber":"CVE-2026-11181","cveTitle":"Chromium: CVE-2026-11181 Inappropriate implementation in Media Session","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:39-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11181","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11181","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11181","version":1,"revisionDate":"2026-06-05T07:00:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"d085e7b8-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000522f8446","releaseDate":"2026-06-05T07:00:39-07:00","cveNumber":"CVE-2026-11129","cveTitle":"Chromium: CVE-2026-11129 Inappropriate implementation in Extensions","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:39-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11129","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11129","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11129","version":1,"revisionDate":"2026-06-05T07:00:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"11bce29a-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000694b99fb","releaseDate":"2026-06-05T07:00:39-07:00","cveNumber":"CVE-2026-11074","cveTitle":"Chromium: CVE-2026-11074 Use after free in WebRTC","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:39-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11074","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11074","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11074","version":1,"revisionDate":"2026-06-05T07:00:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"8b55cb76-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000a434e840","releaseDate":"2026-06-05T07:00:39-07:00","cveNumber":"CVE-2026-11022","cveTitle":"Chromium: CVE-2026-11022 Insufficient validation of untrusted input in DevTools","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:39-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11022","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11022","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11022","version":1,"revisionDate":"2026-06-05T07:00:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"327a6052-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00006d83b3c0","releaseDate":"2026-06-05T07:00:39-07:00","cveNumber":"CVE-2026-10916","cveTitle":"Chromium: CVE-2026-10916 Insufficient validation of untrusted input in DevTools","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:39-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10916","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10916","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10916","version":1,"revisionDate":"2026-06-05T07:00:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"6de46a0a-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000012b014af","releaseDate":"2026-06-05T07:00:38-07:00","cveNumber":"CVE-2026-11235","cveTitle":"Chromium: CVE-2026-11235 Insufficient validation of untrusted input in Compositing","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:38-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11235","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11235","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11235","version":1,"revisionDate":"2026-06-05T07:00:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"cd65f5dc-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00003aa98fe3","releaseDate":"2026-06-05T07:00:38-07:00","cveNumber":"CVE-2026-11073","cveTitle":"Chromium: CVE-2026-11073 Use after free in WebGL","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:38-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11073","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11073","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11073","version":1,"revisionDate":"2026-06-05T07:00:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7c55cb76-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000eda32be9","releaseDate":"2026-06-05T07:00:38-07:00","cveNumber":"CVE-2026-11128","cveTitle":"Chromium: CVE-2026-11128 Insufficient validation of untrusted input in Web Share","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:38-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11128","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11128","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11128","version":1,"revisionDate":"2026-06-05T07:00:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"35fce794-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00007592de28","releaseDate":"2026-06-05T07:00:38-07:00","cveNumber":"CVE-2026-11021","cveTitle":"Chromium: CVE-2026-11021 Insufficient validation of untrusted input in GPU","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:38-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11021","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11021","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11021","version":1,"revisionDate":"2026-06-05T07:00:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"237a6052-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000773b6d0c","releaseDate":"2026-06-05T07:00:37-07:00","cveNumber":"CVE-2026-11234","cveTitle":"Chromium: CVE-2026-11234 Insufficient policy enforcement in FoldableAPIs","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:37-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11234","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11234","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11234","version":1,"revisionDate":"2026-06-05T07:00:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"ba65f5dc-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00000fffefd3","releaseDate":"2026-06-05T07:00:37-07:00","cveNumber":"CVE-2026-11180","cveTitle":"Chromium: CVE-2026-11180 Policy bypass in SVG","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:37-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11180","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11180","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11180","version":1,"revisionDate":"2026-06-05T07:00:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"be85e7b8-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000da1d3786","releaseDate":"2026-06-05T07:00:37-07:00","cveNumber":"CVE-2026-11020","cveTitle":"Chromium: CVE-2026-11020 Inappropriate implementation in Extensions","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:37-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11020","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11020","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11020","version":1,"revisionDate":"2026-06-05T07:00:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"107a6052-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00006683b3c0","releaseDate":"2026-06-05T07:00:37-07:00","cveNumber":"CVE-2026-10966","cveTitle":"Chromium: CVE-2026-10966 Insufficient validation of untrusted input in Codecs","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:37-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10966","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10966","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10966","version":1,"revisionDate":"2026-06-05T07:00:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"c49b522e-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000a36c0206","releaseDate":"2026-06-05T07:00:37-07:00","cveNumber":"CVE-2026-10914","cveTitle":"Chromium: CVE-2026-10914 Use after free in ANGLE","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:37-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10914","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10914","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10914","version":1,"revisionDate":"2026-06-05T07:00:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"4be46a0a-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00007092de28","releaseDate":"2026-06-05T07:00:36-07:00","cveNumber":"CVE-2026-11071","cveTitle":"Chromium: CVE-2026-11071 Use after free in Base","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:36-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11071","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11071","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11071","version":1,"revisionDate":"2026-06-05T07:00:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"1a94b170-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00003ee1a9a8","releaseDate":"2026-06-05T07:00:36-07:00","cveNumber":"CVE-2026-10913","cveTitle":"Chromium: CVE-2026-10913 Use after free in ANGLE","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:36-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10913","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10913","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10913","version":1,"revisionDate":"2026-06-05T07:00:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"79bf6d04-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000b46b017f","releaseDate":"2026-06-05T07:00:36-07:00","cveNumber":"CVE-2026-11233","cveTitle":"Chromium: CVE-2026-11233 Insufficient validation of untrusted input in FoldableAPIs","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:36-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11233","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11233","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11233","version":1,"revisionDate":"2026-06-05T07:00:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"ab65f5dc-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00004d2f8446","releaseDate":"2026-06-05T07:00:36-07:00","cveNumber":"CVE-2026-11179","cveTitle":"Chromium: CVE-2026-11179 Inappropriate implementation in ORB","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:36-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11179","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11179","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11179","version":1,"revisionDate":"2026-06-05T07:00:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"af85e7b8-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000001f85a63","releaseDate":"2026-06-05T07:00:36-07:00","cveNumber":"CVE-2026-10965","cveTitle":"Chromium: CVE-2026-10965 Integer overflow in DevTools","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:36-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10965","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10965","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10965","version":1,"revisionDate":"2026-06-05T07:00:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"dfed4b28-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00005127ee4e","releaseDate":"2026-06-05T07:00:35-07:00","cveNumber":"CVE-2026-11289","cveTitle":"Chromium: CVE-2026-11289 Side-channel information leakage in Paint","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:35-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11289","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11289","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11289","version":1,"revisionDate":"2026-06-05T07:00:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"007e1d01-8460-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d51d3786","releaseDate":"2026-06-05T07:00:35-07:00","cveNumber":"CVE-2026-11070","cveTitle":"Chromium: CVE-2026-11070 Insufficient validation of untrusted input in Chromoting","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:35-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11070","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11070","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11070","version":1,"revisionDate":"2026-06-05T07:00:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"0b94b170-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000b3c2729b","releaseDate":"2026-06-05T07:00:35-07:00","cveNumber":"CVE-2026-11018","cveTitle":"Chromium: CVE-2026-11018 Insufficient policy enforcement in Actor","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:35-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11018","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11018","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11018","version":1,"revisionDate":"2026-06-05T07:00:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7f905e4c-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000019f759dc","releaseDate":"2026-06-05T07:00:35-07:00","cveNumber":"CVE-2026-11232","cveTitle":"Chromium: CVE-2026-11232 Inappropriate implementation in TabGroups","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:35-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11232","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11232","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11232","version":1,"revisionDate":"2026-06-05T07:00:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"9b65f5dc-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000073430304","releaseDate":"2026-06-05T07:00:35-07:00","cveNumber":"CVE-2026-11126","cveTitle":"Chromium: CVE-2026-11126 Insufficient validation of untrusted input in DevTools","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:35-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11126","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11126","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11126","version":1,"revisionDate":"2026-06-05T07:00:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"15fce794-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00009c6c0206","releaseDate":"2026-06-05T07:00:35-07:00","cveNumber":"CVE-2026-10964","cveTitle":"Chromium: CVE-2026-10964 Integer overflow in V8","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:35-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10964","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10964","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10964","version":1,"revisionDate":"2026-06-05T07:00:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"cfed4b28-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d955514b","releaseDate":"2026-06-05T07:00:35-07:00","cveNumber":"CVE-2026-10912","cveTitle":"Chromium: CVE-2026-10912 Insufficient validation of untrusted input in Extensions","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:35-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10912","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10912","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10912","version":1,"revisionDate":"2026-06-05T07:00:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"69bf6d04-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000b6b246ac","releaseDate":"2026-06-05T07:00:34-07:00","cveNumber":"CVE-2026-11288","cveTitle":"Chromium: CVE-2026-11288 Policy bypass in CSS","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:34-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11288","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11288","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11288","version":1,"revisionDate":"2026-06-05T07:00:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"f17d1d01-8460-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d3ce5b61","releaseDate":"2026-06-05T07:00:34-07:00","cveNumber":"CVE-2026-11177","cveTitle":"Chromium: CVE-2026-11177 Use after free in Omnibox","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:34-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11177","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11177","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11177","version":1,"revisionDate":"2026-06-05T07:00:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"9185e7b8-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d4d6f158","releaseDate":"2026-06-05T07:00:34-07:00","cveNumber":"CVE-2026-11017","cveTitle":"Chromium: CVE-2026-11017 Inappropriate implementation in Link Preview","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:34-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11017","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11017","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11017","version":1,"revisionDate":"2026-06-05T07:00:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"70905e4c-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000037e1a9a8","releaseDate":"2026-06-05T07:00:34-07:00","cveNumber":"CVE-2026-10963","cveTitle":"Chromium: CVE-2026-10963 Integer overflow in V8","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:34-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10963","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10963","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10963","version":1,"revisionDate":"2026-06-05T07:00:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"c0ed4b28-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00007e82b239","releaseDate":"2026-06-05T07:00:34-07:00","cveNumber":"CVE-2026-11231","cveTitle":"Chromium: CVE-2026-11231 Inappropriate implementation in Safe Browsing","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:34-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11231","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11231","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11231","version":1,"revisionDate":"2026-06-05T07:00:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"8c65f5dc-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00000eb8aaa6","releaseDate":"2026-06-05T07:00:34-07:00","cveNumber":"CVE-2026-11125","cveTitle":"Chromium: CVE-2026-11125 Use after free in Compositing","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:34-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11125","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11125","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11125","version":1,"revisionDate":"2026-06-05T07:00:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"05fce794-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000049371a3e","releaseDate":"2026-06-05T07:00:34-07:00","cveNumber":"CVE-2026-11069","cveTitle":"Chromium: CVE-2026-11069 Insufficient validation of untrusted input in Cast","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:34-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11069","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11069","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11069","version":1,"revisionDate":"2026-06-05T07:00:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"fc93b170-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000074caf8ed","releaseDate":"2026-06-05T07:00:34-07:00","cveNumber":"CVE-2026-10911","cveTitle":"Chromium: CVE-2026-10911 Insufficient validation of untrusted input in Media","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:34-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10911","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10911","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10911","version":1,"revisionDate":"2026-06-05T07:00:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"5abf6d04-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00006e430304","releaseDate":"2026-06-05T07:00:33-07:00","cveNumber":"CVE-2026-11176","cveTitle":"Chromium: CVE-2026-11176 Inappropriate implementation in Media","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:33-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11176","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11176","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11176","version":1,"revisionDate":"2026-06-05T07:00:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7f85e7b8-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000aec2729b","releaseDate":"2026-06-05T07:00:33-07:00","cveNumber":"CVE-2026-11068","cveTitle":"Chromium: CVE-2026-11068 Use after free in WebSockets","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:33-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11068","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11068","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11068","version":1,"revisionDate":"2026-06-05T07:00:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"eb93b170-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000e30d0b97","releaseDate":"2026-06-05T07:00:33-07:00","cveNumber":"CVE-2026-11230","cveTitle":"Chromium: CVE-2026-11230 Use after free in Extensions","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:33-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11230","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11230","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11230","version":1,"revisionDate":"2026-06-05T07:00:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7a65f5dc-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000a92c5249","releaseDate":"2026-06-05T07:00:33-07:00","cveNumber":"CVE-2026-11124","cveTitle":"Chromium: CVE-2026-11124 Heap buffer overflow in Skia","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:33-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11124","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11124","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11124","version":1,"revisionDate":"2026-06-05T07:00:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"f6fbe794-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d255514b","releaseDate":"2026-06-05T07:00:33-07:00","cveNumber":"CVE-2026-10962","cveTitle":"Chromium: CVE-2026-10962 Type Confusion in Media","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:33-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10962","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10962","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10962","version":1,"revisionDate":"2026-06-05T07:00:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"b1ed4b28-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000a824bc51","releaseDate":"2026-06-05T07:00:32-07:00","cveNumber":"CVE-2026-11286","cveTitle":"Chromium: CVE-2026-11286 Insufficient validation of untrusted input in Wallet","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:32-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11286","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11286","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11286","version":1,"revisionDate":"2026-06-05T07:00:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"d17d1d01-8460-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00005727ee4e","releaseDate":"2026-06-05T07:00:32-07:00","cveNumber":"CVE-2026-11229","cveTitle":"Chromium: CVE-2026-11229 Insufficient policy enforcement in Enterprise","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:32-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11229","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11229","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11229","version":1,"revisionDate":"2026-06-05T07:00:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"6a65f5dc-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000044a1f9eb","releaseDate":"2026-06-05T07:00:32-07:00","cveNumber":"CVE-2026-11123","cveTitle":"Chromium: CVE-2026-11123 Uninitialized Use in ANGLE","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:32-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11123","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11123","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11123","version":1,"revisionDate":"2026-06-05T07:00:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"e5fbe794-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000039624ab6","releaseDate":"2026-06-05T07:00:32-07:00","cveNumber":"CVE-2026-11016","cveTitle":"Chromium: CVE-2026-11016 Insufficient validation of untrusted input in Network","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:32-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11016","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11016","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11016","version":1,"revisionDate":"2026-06-05T07:00:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"5d905e4c-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00000f3fa090","releaseDate":"2026-06-05T07:00:32-07:00","cveNumber":"CVE-2026-10910","cveTitle":"Chromium: CVE-2026-10910 Type Confusion in V8","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:32-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10910","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10910","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10910","version":1,"revisionDate":"2026-06-05T07:00:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"47bf6d04-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000a42c5249","releaseDate":"2026-06-05T07:00:31-07:00","cveNumber":"CVE-2026-11174","cveTitle":"Chromium: CVE-2026-11174 Insufficient policy enforcement in Site Isolation","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:31-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11174","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11174","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11174","version":1,"revisionDate":"2026-06-05T07:00:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"6185e7b8-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000bcb246ac","releaseDate":"2026-06-05T07:00:31-07:00","cveNumber":"CVE-2026-11228","cveTitle":"Chromium: CVE-2026-11228 Incorrect security UI in File Input","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:31-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11228","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11228","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11228","version":1,"revisionDate":"2026-06-05T07:00:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"5b65f5dc-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000df15a18e","releaseDate":"2026-06-05T07:00:31-07:00","cveNumber":"CVE-2026-11122","cveTitle":"Chromium: CVE-2026-11122 Inappropriate implementation in Keyboard","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:31-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11122","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11122","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11122","version":1,"revisionDate":"2026-06-05T07:00:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"d6fbe794-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000cfd6f158","releaseDate":"2026-06-05T07:00:31-07:00","cveNumber":"CVE-2026-11067","cveTitle":"Chromium: CVE-2026-11067 Uninitialized Use in Dawn","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:31-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11067","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11067","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11067","version":1,"revisionDate":"2026-06-05T07:00:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"dc93b170-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00000ac0409e","releaseDate":"2026-06-05T07:00:31-07:00","cveNumber":"CVE-2026-11015","cveTitle":"Chromium: CVE-2026-11015 Out of bounds read in WebGPU","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:31-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11015","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11015","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11015","version":1,"revisionDate":"2026-06-05T07:00:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"4e905e4c-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000083fa090","releaseDate":"2026-06-05T07:00:31-07:00","cveNumber":"CVE-2026-10960","cveTitle":"Chromium: CVE-2026-10960 Uninitialized Use in Codecs","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:31-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10960","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10960","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10960","version":1,"revisionDate":"2026-06-05T07:00:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"91ed4b28-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00009b25bdd8","releaseDate":"2026-06-05T07:00:31-07:00","cveNumber":"CVE-2026-10909","cveTitle":"Chromium: CVE-2026-10909 Use after free in Dawn","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:31-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10909","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10909","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10909","version":1,"revisionDate":"2026-06-05T07:00:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"38bf6d04-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00003fa1f9eb","releaseDate":"2026-06-05T07:00:30-07:00","cveNumber":"CVE-2026-11173","cveTitle":"Chromium: CVE-2026-11173 Out of bounds write in V8","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:30-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11173","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11173","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11173","version":1,"revisionDate":"2026-06-05T07:00:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"5285e7b8-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000034624ab6","releaseDate":"2026-06-05T07:00:30-07:00","cveNumber":"CVE-2026-11066","cveTitle":"Chromium: CVE-2026-11066 Insufficient validation of untrusted input in ANGLE","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:30-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11066","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11066","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11066","version":1,"revisionDate":"2026-06-05T07:00:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"cc93b170-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00006f4b99fb","releaseDate":"2026-06-05T07:00:30-07:00","cveNumber":"CVE-2026-11014","cveTitle":"Chromium: CVE-2026-11014 Insufficient policy enforcement in Extensions","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:30-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11014","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11014","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11014","version":1,"revisionDate":"2026-06-05T07:00:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"3e905e4c-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000723b6d0c","releaseDate":"2026-06-05T07:00:30-07:00","cveNumber":"CVE-2026-11284","cveTitle":"Chromium: CVE-2026-11284 Side-channel information leakage in PerformanceAPIs","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:30-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11284","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11284","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11284","version":1,"revisionDate":"2026-06-05T07:00:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"f6931bfb-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000499963f4","releaseDate":"2026-06-05T07:00:30-07:00","cveNumber":"CVE-2026-11227","cveTitle":"Chromium: CVE-2026-11227 Incorrect security UI in Tab Hover Cards","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:30-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11227","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11227","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11227","version":1,"revisionDate":"2026-06-05T07:00:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"4c65f5dc-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00007a8a4831","releaseDate":"2026-06-05T07:00:30-07:00","cveNumber":"CVE-2026-11121","cveTitle":"Chromium: CVE-2026-11121 Insufficient validation of untrusted input in Skia","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:30-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11121","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11121","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11121","version":1,"revisionDate":"2026-06-05T07:00:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"c6fbe794-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000369a647b","releaseDate":"2026-06-05T07:00:30-07:00","cveNumber":"CVE-2026-10908","cveTitle":"Chromium: CVE-2026-10908 Use after free in FullScreen","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:30-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10908","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10908","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10908","version":1,"revisionDate":"2026-06-05T07:00:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"28bf6d04-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000015ffefd3","releaseDate":"2026-06-05T07:00:29-07:00","cveNumber":"CVE-2026-11120","cveTitle":"Chromium: CVE-2026-11120 Insufficient validation of untrusted input in Enterprise Reporting","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:29-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11120","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11120","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11120","version":1,"revisionDate":"2026-06-05T07:00:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"b7fbe794-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d10e0c1e","releaseDate":"2026-06-05T07:00:29-07:00","cveNumber":"CVE-2026-10907","cveTitle":"Chromium: CVE-2026-10907 Out of bounds write in ANGLE","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:29-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10907","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10907","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10907","version":1,"revisionDate":"2026-06-05T07:00:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"19bf6d04-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000af6b017f","releaseDate":"2026-06-05T07:00:29-07:00","cveNumber":"CVE-2026-11283","cveTitle":"Chromium: CVE-2026-11283 Policy bypass in Shortcuts","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:29-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11283","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11283","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11283","version":1,"revisionDate":"2026-06-05T07:00:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"e7931bfb-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000040a98fe3","releaseDate":"2026-06-05T07:00:29-07:00","cveNumber":"CVE-2026-11013","cveTitle":"Chromium: CVE-2026-11013 Insufficient validation of untrusted input in Network","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:29-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11013","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11013","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11013","version":1,"revisionDate":"2026-06-05T07:00:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"2f905e4c-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000014f759dc","releaseDate":"2026-06-05T07:00:28-07:00","cveNumber":"CVE-2026-11282","cveTitle":"Chromium: CVE-2026-11282 Policy bypass in Sandbox","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:28-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11282","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11282","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11282","version":1,"revisionDate":"2026-06-05T07:00:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"d8931bfb-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000758a4831","releaseDate":"2026-06-05T07:00:27-07:00","cveNumber":"CVE-2026-11171","cveTitle":"Chromium: CVE-2026-11171 Integer overflow in Blink","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:27-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11171","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11171","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11171","version":1,"revisionDate":"2026-06-05T07:00:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"a928efb2-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000eea32be9","releaseDate":"2026-06-05T07:00:27-07:00","cveNumber":"CVE-2026-11118","cveTitle":"Chromium: CVE-2026-11118 Use after free in WebRTC","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:27-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11118","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11118","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11118","version":1,"revisionDate":"2026-06-05T07:00:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"21d5ea8e-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00007692de28","releaseDate":"2026-06-05T07:00:27-07:00","cveNumber":"CVE-2026-11011","cveTitle":"Chromium: CVE-2026-11011 Insufficient policy enforcement in Password Manager","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:27-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11011","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11011","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11011","version":1,"revisionDate":"2026-06-05T07:00:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"e32f6646-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00006c83b3c0","releaseDate":"2026-06-05T07:00:27-07:00","cveNumber":"CVE-2026-10906","cveTitle":"Chromium: CVE-2026-10906 Use after free in WebAuthentication","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:27-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10906","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10906","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10906","version":1,"revisionDate":"2026-06-05T07:00:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"08bf6d04-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00007982b239","releaseDate":"2026-06-05T07:00:27-07:00","cveNumber":"CVE-2026-11281","cveTitle":"Chromium: CVE-2026-11281 Integer overflow in Chromoting","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:27-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11281","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11281","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11281","version":1,"revisionDate":"2026-06-05T07:00:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"c7931bfb-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000013b014af","releaseDate":"2026-06-05T07:00:27-07:00","cveNumber":"CVE-2026-11225","cveTitle":"Chromium: CVE-2026-11225 Incorrect security UI in WebUI","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:27-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11225","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11225","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11225","version":1,"revisionDate":"2026-06-05T07:00:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"2e54ecd6-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000ce0e0c1e","releaseDate":"2026-06-05T07:00:27-07:00","cveNumber":"CVE-2026-10957","cveTitle":"Chromium: CVE-2026-10957 Use after free in Glic","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:27-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10957","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10957","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10957","version":1,"revisionDate":"2026-06-05T07:00:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"62ed4b28-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000783b6d0c","releaseDate":"2026-06-05T07:00:26-07:00","cveNumber":"CVE-2026-11224","cveTitle":"Chromium: CVE-2026-11224 Use after free in Chromoting","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:26-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11224","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11224","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11224","version":1,"revisionDate":"2026-06-05T07:00:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"1f54ecd6-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000010ffefd3","releaseDate":"2026-06-05T07:00:26-07:00","cveNumber":"CVE-2026-11170","cveTitle":"Chromium: CVE-2026-11170 Inappropriate implementation in Chromoting","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:26-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11170","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11170","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11170","version":1,"revisionDate":"2026-06-05T07:00:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"9a28efb2-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d9ce5b61","releaseDate":"2026-06-05T07:00:26-07:00","cveNumber":"CVE-2026-11117","cveTitle":"Chromium: CVE-2026-11117 Use after free in Views","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:26-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11117","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11117","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11117","version":1,"revisionDate":"2026-06-05T07:00:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"12d5ea8e-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00003ba98fe3","releaseDate":"2026-06-05T07:00:26-07:00","cveNumber":"CVE-2026-11063","cveTitle":"Chromium: CVE-2026-11063 Insufficient validation of untrusted input in WebNN","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:26-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11063","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11063","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11063","version":1,"revisionDate":"2026-06-05T07:00:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"9983896a-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00006983b3c0","releaseDate":"2026-06-05T07:00:26-07:00","cveNumber":"CVE-2026-10956","cveTitle":"Chromium: CVE-2026-10956 Use after free in MimeHandlerView","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:26-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10956","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10956","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10956","version":1,"revisionDate":"2026-06-05T07:00:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"1f8d5322-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000007f85a63","releaseDate":"2026-06-05T07:00:26-07:00","cveNumber":"CVE-2026-10905","cveTitle":"Chromium: CVE-2026-10905 Use after free in Network","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:26-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10905","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10905","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10905","version":1,"revisionDate":"2026-06-05T07:00:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"f9be6d04-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00005227ee4e","releaseDate":"2026-06-05T07:00:25-07:00","cveNumber":"CVE-2026-11279","cveTitle":"Chromium: CVE-2026-11279 Out of bounds read in DevTools","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:25-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11279","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11279","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11279","version":1,"revisionDate":"2026-06-05T07:00:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"a9931bfb-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000b56b017f","releaseDate":"2026-06-05T07:00:25-07:00","cveNumber":"CVE-2026-11223","cveTitle":"Chromium: CVE-2026-11223 Insufficient validation of untrusted input in Network","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:25-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11223","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11223","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11223","version":1,"revisionDate":"2026-06-05T07:00:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"1054ecd6-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00004e2f8446","releaseDate":"2026-06-05T07:00:25-07:00","cveNumber":"CVE-2026-11169","cveTitle":"Chromium: CVE-2026-11169 Inappropriate implementation in XML","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:25-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11169","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11169","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11169","version":1,"revisionDate":"2026-06-05T07:00:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"8a28efb2-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000074430304","releaseDate":"2026-06-05T07:00:25-07:00","cveNumber":"CVE-2026-11116","cveTitle":"Chromium: CVE-2026-11116 Use after free in Chromoting","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:25-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11116","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11116","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11116","version":1,"revisionDate":"2026-06-05T07:00:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"01d5ea8e-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000a034e840","releaseDate":"2026-06-05T07:00:25-07:00","cveNumber":"CVE-2026-11062","cveTitle":"Chromium: CVE-2026-11062 Insufficient policy enforcement in Extensions","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:25-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11062","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11062","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11062","version":1,"revisionDate":"2026-06-05T07:00:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"8983896a-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000004f85a63","releaseDate":"2026-06-05T07:00:25-07:00","cveNumber":"CVE-2026-10955","cveTitle":"Chromium: CVE-2026-10955 Type Confusion in ANGLE","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:25-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10955","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10955","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10955","version":1,"revisionDate":"2026-06-05T07:00:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"108d5322-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000a26c0206","releaseDate":"2026-06-05T07:00:25-07:00","cveNumber":"CVE-2026-10904","cveTitle":"Chromium: CVE-2026-10904 Inappropriate implementation in V8","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:25-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10904","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10904","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10904","version":1,"revisionDate":"2026-06-05T07:00:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"60875dfe-8260-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00001af759dc","releaseDate":"2026-06-05T07:00:24-07:00","cveNumber":"CVE-2026-11222","cveTitle":"Chromium: CVE-2026-11222 Incorrect security UI in Tab Strip","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:24-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11222","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11222","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11222","version":1,"revisionDate":"2026-06-05T07:00:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"0154ecd6-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00000fb8aaa6","releaseDate":"2026-06-05T07:00:24-07:00","cveNumber":"CVE-2026-11115","cveTitle":"Chromium: CVE-2026-11115 Use after free in Updater","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:24-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11115","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11115","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11115","version":1,"revisionDate":"2026-06-05T07:00:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"f2d4ea8e-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000e9a32be9","releaseDate":"2026-06-05T07:00:24-07:00","cveNumber":"CVE-2026-11168","cveTitle":"Chromium: CVE-2026-11168 Insufficient policy enforcement in Extensions","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:24-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11168","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11168","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11168","version":1,"revisionDate":"2026-06-05T07:00:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7b28efb2-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00007192de28","releaseDate":"2026-06-05T07:00:24-07:00","cveNumber":"CVE-2026-11061","cveTitle":"Chromium: CVE-2026-11061 Out of bounds read in ANGLE","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:24-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11061","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11061","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11061","version":1,"revisionDate":"2026-06-05T07:00:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7a83896a-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00004f371a3e","releaseDate":"2026-06-05T07:00:24-07:00","cveNumber":"CVE-2026-11009","cveTitle":"Chromium: CVE-2026-11009 Use after free in USB","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:24-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11009","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11009","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11009","version":1,"revisionDate":"2026-06-05T07:00:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"c42f6646-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00003de1a9a8","releaseDate":"2026-06-05T07:00:24-07:00","cveNumber":"CVE-2026-10903","cveTitle":"Chromium: CVE-2026-10903 Use after free in WebRTC","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:24-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10903","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10903","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10903","version":1,"revisionDate":"2026-06-05T07:00:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"51875dfe-8260-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00007f82b239","releaseDate":"2026-06-05T07:00:23-07:00","cveNumber":"CVE-2026-11221","cveTitle":"Chromium: CVE-2026-11221 Insufficient validation of untrusted input in PointerLock","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:23-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11221","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11221","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11221","version":1,"revisionDate":"2026-06-05T07:00:23-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"f053ecd6-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000aa2c5249","releaseDate":"2026-06-05T07:00:23-07:00","cveNumber":"CVE-2026-11114","cveTitle":"Chromium: CVE-2026-11114 Use after free in Device Trust","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:23-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11114","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11114","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11114","version":1,"revisionDate":"2026-06-05T07:00:23-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"e1d4ea8e-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d61d3786","releaseDate":"2026-06-05T07:00:23-07:00","cveNumber":"CVE-2026-11060","cveTitle":"Chromium: CVE-2026-11060 Use after free in Media","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:23-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11060","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11060","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11060","version":1,"revisionDate":"2026-06-05T07:00:23-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"6a83896a-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000b4c2729b","releaseDate":"2026-06-05T07:00:23-07:00","cveNumber":"CVE-2026-11008","cveTitle":"Chromium: CVE-2026-11008 Insufficient validation of untrusted input in WebAppInstalls","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:23-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11008","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11008","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11008","version":1,"revisionDate":"2026-06-05T07:00:23-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"b52f6646-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00009f6c0206","releaseDate":"2026-06-05T07:00:23-07:00","cveNumber":"CVE-2026-10954","cveTitle":"Chromium: CVE-2026-10954 Use after free in Actor","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:23-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10954","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10954","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10954","version":1,"revisionDate":"2026-06-05T07:00:23-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"018d5322-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000a924bc51","releaseDate":"2026-06-05T07:00:22-07:00","cveNumber":"CVE-2026-11276","cveTitle":"Chromium: CVE-2026-11276 Inappropriate implementation in Cast","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:22-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11276","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11276","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11276","version":1,"revisionDate":"2026-06-05T07:00:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"77931bfb-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000e40d0b97","releaseDate":"2026-06-05T07:00:22-07:00","cveNumber":"CVE-2026-11220","cveTitle":"Chromium: CVE-2026-11220 Insufficient validation of untrusted input in Navigation","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:22-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11220","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11220","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11220","version":1,"revisionDate":"2026-06-05T07:00:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"dd53ecd6-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00006f430304","releaseDate":"2026-06-05T07:00:22-07:00","cveNumber":"CVE-2026-11166","cveTitle":"Chromium: CVE-2026-11166 Inappropriate implementation in SVG","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:22-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11166","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11166","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11166","version":1,"revisionDate":"2026-06-05T07:00:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"5a28efb2-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000d855514b","releaseDate":"2026-06-05T07:00:22-07:00","cveNumber":"CVE-2026-10902","cveTitle":"Chromium: CVE-2026-10902 Use after free in Ozone","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:22-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-10902","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-10902","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-10902","version":1,"revisionDate":"2026-06-05T07:00:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"40875dfe-8260-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-000045a1f9eb","releaseDate":"2026-06-05T07:00:22-07:00","cveNumber":"CVE-2026-11113","cveTitle":"Chromium: CVE-2026-11113 Insufficient validation of untrusted input in ANGLE","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:22-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11113","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11113","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11113","version":1,"revisionDate":"2026-06-05T07:00:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"d2d4ea8e-8360-f111-8d4a-00224878786f"}]},{"id":"00000000-0000-0000-0000-00004a371a3e","releaseDate":"2026-06-05T07:00:22-07:00","cveNumber":"CVE-2026-11059","cveTitle":"Chromium: CVE-2026-11059 Use after free in Blink","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-05T07:00:22-07:00","description":"

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.","mitreText":"CVE-2026-11059","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-11059","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"

What is the version information for this release?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Microsoft Edge VersionDate ReleasedBased on Chromium Version
149.0.4022.5206/05/2026149.0.7827.54
\n","ordinal":10000},{"articleType":"FAQ","description":"

Why is this Chrome CVE included in the Security Update Guide?

\n

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

\n

How can I see the version of the browser?

\n
    \n
  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. \n
  2. Click on Help and Feedback
    3. \n
  3. Click on About Microsoft Edge
    4. \n
\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-11059","version":1,"revisionDate":"2026-06-05T07:00:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"

Information published.

\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"5a83896a-8360-f111-8d4a-00224878786f"}]}],"@odata.nextLink":"https://api.msrc.microsoft.com/sug/v2.0/sugodata/v2.0/en-US/vulnerability?$skip=500"}