{"@odata.context":"https://api.msrc.microsoft.com/sug/v2.0/sugodata/v2.0/en-US/$metadata#vulnerability","@odata.count":19173,"value":[{"id":"00000000-0000-0000-0000-00000a4591c3","releaseDate":"2026-04-29T01:06:32-07:00","cveNumber":"CVE-2026-31563","cveTitle":"net: macb: Use dev_consume_skb_any() to free TX SKBs","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:58:53-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31563","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31563","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"Linux","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31563","version":1,"revisionDate":"2026-04-29T01:06:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"944800a4-6743-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31563","version":2,"revisionDate":"2026-04-29T14:58:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"922126ed-db43-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000b3a609c4","releaseDate":"2026-04-28T07:00:42-07:00","cveNumber":"CVE-2026-6920","cveTitle":"Chromium: CVE-2026-6920 Out of bounds read in GPU","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-28T07:00:42-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6920","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6920","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.87</td>\n<td>04/248/2026</td>\n<td>147.0.7727.118</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-6920","version":1,"revisionDate":"2026-04-28T07:00:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"62d0965f-3940-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-00009c18407a","releaseDate":"2026-04-26T01:09:15-07:00","cveNumber":"CVE-2026-31679","cveTitle":"openvswitch: validate MPLS set/set_masked payload length","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:54:40-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31679","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31679","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31679","version":1,"revisionDate":"2026-04-26T01:09:15-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ba5c6489-0c41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31679","version":1.1,"revisionDate":"2026-04-27T14:46:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ce7110ef-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31679","version":3,"revisionDate":"2026-04-29T14:54:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b832975a-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31679","version":2,"revisionDate":"2026-04-29T01:42:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"eaa069ac-6c43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000095d1fa4c","releaseDate":"2026-04-26T01:09:09-07:00","cveNumber":"CVE-2026-31674","cveTitle":"netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:54:25-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31674","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31674","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31674","version":1.1,"revisionDate":"2026-04-27T14:46:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e17f79e8-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31674","version":3,"revisionDate":"2026-04-29T14:54:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4de21f4e-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31674","version":1,"revisionDate":"2026-04-26T01:09:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a6d9fd87-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31674","version":2,"revisionDate":"2026-04-29T01:42:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2e3135a5-6c43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000f2150e7d","releaseDate":"2026-04-26T01:09:04-07:00","cveNumber":"CVE-2026-31682","cveTitle":"bridge: br_nd_send: linearize skb before parsing ND options","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:54:10-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31682","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31682","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31682","version":1.1,"revisionDate":"2026-04-27T14:46:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"da7f79e8-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31682","version":2,"revisionDate":"2026-04-29T01:42:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"296415a1-6c43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31682","version":1,"revisionDate":"2026-04-26T01:09:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0c050382-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31682","version":3,"revisionDate":"2026-04-29T14:54:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"df584b45-db43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000001a498d7","releaseDate":"2026-04-26T01:08:45-07:00","cveNumber":"CVE-2026-31678","cveTitle":"openvswitch: defer tunnel netdev_put to RCU release","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:53:27-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31678","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31678","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31678","version":2,"revisionDate":"2026-04-27T14:46:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"df1062dc-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31678","version":1,"revisionDate":"2026-04-26T01:08:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"42f21374-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31678","version":3,"revisionDate":"2026-04-29T14:53:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c6ca3630-db43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000028ff5cc2","releaseDate":"2026-04-26T01:08:39-07:00","cveNumber":"CVE-2026-31680","cveTitle":"net: ipv6: flowlabel: defer exclusive option free until RCU teardown","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:53:11-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31680","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31680","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31680","version":2,"revisionDate":"2026-04-27T14:46:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"571aa7d5-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31680","version":1,"revisionDate":"2026-04-26T01:08:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2ef21374-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31680","version":3,"revisionDate":"2026-04-29T14:53:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f810a826-db43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00003046a2ef","releaseDate":"2026-04-26T01:08:22-07:00","cveNumber":"CVE-2026-31675","cveTitle":"net/sched: sch_netem: fix out-of-bounds access in packet corruption","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:52:28-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31675","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31675","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31675","version":1.1,"revisionDate":"2026-04-27T14:46:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"79e513cf-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31675","version":3,"revisionDate":"2026-04-29T14:52:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0950620c-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31675","version":1,"revisionDate":"2026-04-26T01:08:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2fbefd66-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31675","version":2,"revisionDate":"2026-04-29T01:41:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"79032392-6c43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d15b427e","releaseDate":"2026-04-26T01:07:39-07:00","cveNumber":"CVE-2026-31591","cveTitle":"KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:41:14-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31591","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31591","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31591","version":1.1,"revisionDate":"2026-04-27T14:46:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"72e513cf-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31591","version":1,"revisionDate":"2026-04-26T01:07:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d4352252-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31591","version":2,"revisionDate":"2026-04-29T14:41:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"679e4f76-d943-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000cb730465","releaseDate":"2026-04-26T01:07:10-07:00","cveNumber":"CVE-2026-31601","cveTitle":"vfio/xe: Reorganize the init to decouple migration from reset","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:40:06-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31601","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31601","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31601","version":2,"revisionDate":"2026-04-27T14:45:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0d8e4abb-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31601","version":1,"revisionDate":"2026-04-26T01:07:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4f94863d-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31601","version":3,"revisionDate":"2026-04-29T14:40:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4e26ba4e-d943-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a318407a","releaseDate":"2026-04-26T01:06:38-07:00","cveNumber":"CVE-2026-31609","cveTitle":"smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:38:59-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31609","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31609","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31609","version":1,"revisionDate":"2026-04-26T01:06:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"aaf0cd2d-0c41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31609","version":1.1,"revisionDate":"2026-04-27T14:45:01-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"841455a8-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31609","version":2,"revisionDate":"2026-04-29T14:38:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9702bf2a-d943-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000030ff5cc2","releaseDate":"2026-04-26T01:05:45-07:00","cveNumber":"CVE-2026-31600","cveTitle":"arm64: mm: Handle invalid large leaf mappings correctly","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T15:00:22-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31600","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31600","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31600","version":3,"revisionDate":"2026-04-29T15:00:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a5e47d20-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31600","version":1,"revisionDate":"2026-04-26T01:05:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b6974f08-0c41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31600","version":2,"revisionDate":"2026-04-27T14:44:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"67e03a8e-4742-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000069924b17","releaseDate":"2026-04-26T01:05:40-07:00","cveNumber":"CVE-2026-32147","cveTitle":"SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T01:40:02-07:00","cweList":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"cweDetailsListForSearch":["cwe: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","cweUrl: https://cwe.mitre.org/data/definitions/22.html"],"mitreText":"CVE-2026-32147","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32147","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"EEF","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","https://cwe.mitre.org/data/definitions/22.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-32147","version":1,"revisionDate":"2026-04-26T01:05:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"61bf0f0a-0c41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-32147","version":2,"revisionDate":"2026-04-27T14:44:01-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6e7d5788-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-32147","version":3,"revisionDate":"2026-04-29T01:40:02-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c52f6654-6c43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000008a498d7","releaseDate":"2026-04-26T01:05:27-07:00","cveNumber":"CVE-2026-31608","cveTitle":"smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:59:59-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31608","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31608","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31608","version":1.1,"revisionDate":"2026-04-27T14:43:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"47fb4282-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31608","version":2,"revisionDate":"2026-04-29T14:59:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f4b9dc12-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31608","version":1,"revisionDate":"2026-04-26T01:05:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b97c3f02-0c41-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000fec9a362","releaseDate":"2026-04-26T01:05:18-07:00","cveNumber":"CVE-2026-23414","cveTitle":"tls: Purge async_hold in tls_decrypt_async_wait()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:48:15-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-23414","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-23414","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-23414","version":2,"revisionDate":"2026-04-27T14:43:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5421337c-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23414","version":3,"revisionDate":"2026-04-29T14:48:15-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7b85fa73-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23414","version":1,"revisionDate":"2026-04-26T01:05:18-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9e4dc8fa-0b41-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b8f81604","releaseDate":"2026-04-26T01:05:06-07:00","cveNumber":"CVE-2026-23360","cveTitle":"nvme: fix admin queue leak on controller reset","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:47:46-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-23360","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-23360","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-23360","version":2,"revisionDate":"2026-04-27T14:43:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"326c6275-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-23360","version":1,"revisionDate":"2026-04-26T01:05:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c0e66cf4-0b41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-23360","version":3,"revisionDate":"2026-04-29T14:47:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0caaee5e-da43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00005bb4601d","releaseDate":"2026-04-26T01:05:00-07:00","cveNumber":"CVE-2026-41411","cveTitle":"Vim: Command injection via backtick expansion in tag filenames","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T01:39:36-07:00","cweList":["CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"],"cweDetailsListForSearch":["cwe: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","cweUrl: https://cwe.mitre.org/data/definitions/78.html"],"mitreText":"CVE-2026-41411","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41411","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.6","temporalScore":"6.6","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","https://cwe.mitre.org/data/definitions/78.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-41411","version":2,"revisionDate":"2026-04-27T14:43:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3342136f-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-41411","version":3,"revisionDate":"2026-04-29T01:06:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"15f8fbb6-6743-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-41411","version":1,"revisionDate":"2026-04-26T01:05:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ce0a59ee-0b41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-41411","version":4,"revisionDate":"2026-04-29T01:39:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6ad4d545-6c43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000c9730465","releaseDate":"2026-04-26T01:04:10-07:00","cveNumber":"CVE-2026-31621","cveTitle":"bnge: return after auxiliary_device_uninit() in error path","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:46:38-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31621","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31621","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31621","version":1,"revisionDate":"2026-04-26T01:04:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dadb91d4-0b41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31621","version":2,"revisionDate":"2026-04-27T14:42:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"035dca5a-4742-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31621","version":3,"revisionDate":"2026-04-29T14:46:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6973723c-da43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000402ee008","releaseDate":"2026-04-26T01:04:07-07:00","cveNumber":"CVE-2026-31565","cveTitle":"RDMA/irdma: Fix deadlock during netdev reset with active connections","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:57:41-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31565","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31565","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31565","version":1,"revisionDate":"2026-04-26T01:04:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1726b7d0-0b41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31565","version":2,"revisionDate":"2026-04-27T14:42:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"eeb31250-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31565","version":4,"revisionDate":"2026-04-29T14:57:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ba6eebc1-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31565","version":3,"revisionDate":"2026-04-29T01:02:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2fb16c26-6743-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00006ed0e920","releaseDate":"2026-04-26T01:03:43-07:00","cveNumber":"CVE-2026-31570","cveTitle":"can: gw: fix OOB heap access in cgw_csum_crc8_rel()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:56:43-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31570","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31570","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31570","version":1,"revisionDate":"2026-04-26T01:03:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"31be8ec3-0b41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31570","version":1.1,"revisionDate":"2026-04-27T14:42:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f8503642-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31570","version":2,"revisionDate":"2026-04-29T01:03:02-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fd614028-6743-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31570","version":3,"revisionDate":"2026-04-29T01:42:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2b6415a1-6c43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31570","version":4,"revisionDate":"2026-04-29T14:56:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e3eac1a0-db43-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000118cd6f0","releaseDate":"2026-04-26T01:03:25-07:00","cveNumber":"CVE-2026-31566","cveTitle":"drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:55:58-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31566","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31566","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31566","version":3,"revisionDate":"2026-04-29T14:55:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9b5c0786-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31566","version":1,"revisionDate":"2026-04-26T01:03:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f6465dba-0b41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31566","version":1.1,"revisionDate":"2026-04-27T14:41:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6855a63c-4742-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31566","version":2,"revisionDate":"2026-04-29T01:41:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"77032392-6c43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000aa007e93","releaseDate":"2026-04-26T01:02:55-07:00","cveNumber":"CVE-2026-31589","cveTitle":"mm: call ->free_folio() directly in folio_unmap_invalidate()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:54:48-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31589","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31589","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31589","version":1,"revisionDate":"2026-04-26T01:02:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4c8794a7-0b41-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31589","version":1.1,"revisionDate":"2026-04-27T14:41:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dc16d626-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31589","version":2,"revisionDate":"2026-04-29T14:54:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"220a7c5d-db43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000074591c3","releaseDate":"2026-04-26T01:02:06-07:00","cveNumber":"CVE-2026-31593","cveTitle":"KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:53:05-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31593","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31593","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31593","version":1.1,"revisionDate":"2026-04-27T14:40:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"69a1b20a-4742-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31593","version":2,"revisionDate":"2026-04-29T14:53:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cae41621-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31593","version":1,"revisionDate":"2026-04-26T01:02:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c27f2088-0b41-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00002eff5cc2","releaseDate":"2026-04-26T01:02:00-07:00","cveNumber":"CVE-2026-31620","cveTitle":"ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:52:49-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31620","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31620","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31620","version":3,"revisionDate":"2026-04-29T14:52:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c9559b13-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31620","version":1,"revisionDate":"2026-04-26T01:02:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b37f2088-0b41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31620","version":2,"revisionDate":"2026-04-27T14:40:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cacf280b-4742-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000412ee008","releaseDate":"2026-04-26T01:01:37-07:00","cveNumber":"CVE-2026-31555","cveTitle":"futex: Clear stale exiting pointer in futex_lock_pi() retry path","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:51:52-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31555","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31555","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31555","version":1.1,"revisionDate":"2026-04-27T14:40:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ce24b7fe-4642-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31555","version":2,"revisionDate":"2026-04-29T01:02:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5a6e771b-6743-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31555","version":4,"revisionDate":"2026-04-29T14:51:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9238f2f3-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31555","version":1,"revisionDate":"2026-04-26T01:01:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b4a87075-0b41-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31555","version":3,"revisionDate":"2026-04-29T01:40:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d9014b5b-6c43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000041394454","releaseDate":"2026-04-26T01:01:24-07:00","cveNumber":"CVE-2026-41079","cveTitle":"OpenPrinting CUPS: Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:51:25-07:00","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"mitreText":"CVE-2026-41079","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41079","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.3","temporalScore":"4.3","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-41079","version":2,"revisionDate":"2026-04-27T14:39:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ce87c6f7-4642-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-41079","version":3,"revisionDate":"2026-04-29T01:01:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c4ab20ee-6643-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-41079","version":4,"revisionDate":"2026-04-29T14:51:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d25b13e7-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-41079","version":1,"revisionDate":"2026-04-26T01:01:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8ac50d6f-0b41-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b2a609c4","releaseDate":"2026-04-24T23:57:43-07:00","cveNumber":"CVE-2026-6921","cveTitle":"Chromium: CVE-2026-6921 Race in GPU","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T23:57:43-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6921","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6921","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.86</td>\n<td>04/24/2026</td>\n<td>147.0.7727.116/.117</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-6921","version":1,"revisionDate":"2026-04-24T23:57:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"74d0965f-3940-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000e94813dc","releaseDate":"2026-04-24T23:57:39-07:00","cveNumber":"CVE-2026-6919","cveTitle":"Chromium: CVE-2026-6919 Use after free in DevTools","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-28T07:00:00-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6919","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6919","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p>\n<p>Yes. Customers should apply all updates offered for the software installed on their systems.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.86</td>\n<td>04/24/2026</td>\n<td>147.0.7727.116/.117</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100}],"revisions":[{"cveNumber":"CVE-2026-6919","version":1.2,"revisionDate":"2026-04-28T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Added a second Security Only package to Edge security update. This is an informational change only.</p>\n","unformattedDescription":"Added a second Security Only package to Edge security update. This is an informational change only.","notificationNeeded":true,"notificationSent":true,"sourceId":"171958db-2643-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-6919","version":1,"revisionDate":"2026-04-24T23:57:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"50d0965f-3940-f111-8d47-00224878786f"}]},{"id":"00000000-0000-0000-0000-0000e3e9588a","releaseDate":"2026-04-24T01:05:11-07:00","cveNumber":"CVE-2026-41989","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:51:09-07:00","cweList":["CWE-787: Out-of-bounds Write"],"cweDetailsListForSearch":["cwe: CWE-787: Out-of-bounds Write","cweUrl: https://cwe.mitre.org/data/definitions/787.html"],"mitreText":"CVE-2026-41989","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41989","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"mitre","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.7","temporalScore":"6.7","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H","vectorStringSource":"mitre","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-787: Out-of-bounds Write","https://cwe.mitre.org/data/definitions/787.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-41989","version":1,"revisionDate":"2026-04-24T01:05:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a0dab8a0-793f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-41989","version":2,"revisionDate":"2026-04-25T01:05:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"606a6ae1-4240-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-41989","version":3,"revisionDate":"2026-04-29T14:51:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6c05e1d9-da43-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00002010d863","releaseDate":"2026-04-23T07:00:00-07:00","cveNumber":"CVE-2026-21515","cveTitle":"Azure IoT Central Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-23T07:00:00-07:00","description":"<p>Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.</p>\n","cweList":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"],"cweDetailsListForSearch":["cwe: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweUrl: https://cwe.mitre.org/data/definitions/200.html"],"unformattedDescription":"Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.","mitreText":"CVE-2026-21515","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-21515","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":4,"latestSoftwareRelease":"N/A","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Azure IOT Central","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"9.9","temporalScore":"8.6","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","https://cwe.mitre.org/data/definitions/200.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>\n<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>\n<p>Please see <a href=\"https://aka.ms/MSRC-Cloud-CVEs\">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>\n","ordinal":10000},{"title":"Azure IOT Central Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-21515","version":1,"revisionDate":"2026-04-23T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"fa380e94-7bf7-f011-9399-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000073d99044","releaseDate":"2026-04-23T07:00:00-07:00","cveNumber":"CVE-2026-32172","cveTitle":"Microsoft Power Apps Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-23T07:00:00-07:00","description":"<p>Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.</p>\n","cweList":["CWE-427: Uncontrolled Search Path Element"],"cweDetailsListForSearch":["cwe: CWE-427: Uncontrolled Search Path Element","cweUrl: https://cwe.mitre.org/data/definitions/427.html"],"unformattedDescription":"Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-32172","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32172","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":4,"latestSoftwareRelease":"N/A","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Power Apps","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.0","temporalScore":"7.0","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-427: Uncontrolled Search Path Element","https://cwe.mitre.org/data/definitions/427.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>\n<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>\n<p>Please see <a href=\"https://aka.ms/MSRC-Cloud-CVEs\">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>\n","ordinal":10000},{"title":"Microsoft Power Apps Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32172","version":1,"revisionDate":"2026-04-23T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7da4bde2-4a21-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00004e63d875","releaseDate":"2026-04-23T07:00:00-07:00","cveNumber":"CVE-2026-35431","cveTitle":"Microsoft Entra ID Entitlement Management Spoofing Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-23T07:00:00-07:00","description":"<p>Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.</p>\n","cweList":["CWE-918: Server-Side Request Forgery (SSRF)"],"cweDetailsListForSearch":["cwe: CWE-918: Server-Side Request Forgery (SSRF)","cweUrl: https://cwe.mitre.org/data/definitions/918.html"],"unformattedDescription":"Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-35431","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35431","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":4,"latestSoftwareRelease":"N/A","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Entra ID Entitlement Management","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"10.0","temporalScore":"8.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-918: Server-Side Request Forgery (SSRF)","https://cwe.mitre.org/data/definitions/918.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>\n<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>\n<p>Please see <a href=\"https://aka.ms/MSRC-Cloud-CVEs\">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>\n","ordinal":10000},{"title":"Microsoft Entra ID Entitlement Management Spoofing Vulnerability","articleType":"100000000","description":"<p>Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-35431","version":1,"revisionDate":"2026-04-23T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"09736aa7-e138-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000fc836f61","releaseDate":"2026-04-23T07:00:00-07:00","cveNumber":"CVE-2026-24303","cveTitle":"Microsoft Partner Center Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-23T07:00:00-07:00","description":"<p>Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.</p>\n","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"unformattedDescription":"Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.","mitreText":"CVE-2026-24303","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-24303","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":4,"latestSoftwareRelease":"N/A","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Partner Center","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"9.6","temporalScore":"8.3","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>\n<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>\n<p>Please see <a href=\"https://aka.ms/MSRC-Cloud-CVEs\">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>\n","ordinal":10000},{"title":"Microsoft Partner Center Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-24303","version":1,"revisionDate":"2026-04-23T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"62c74088-0dd5-f011-9395-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000064e8ea14","releaseDate":"2026-04-23T07:00:00-07:00","cveNumber":"CVE-2026-26150","cveTitle":"Microsoft Purview eDiscovery Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-23T07:00:00-07:00","description":"<p>Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.</p>\n","cweList":["CWE-918: Server-Side Request Forgery (SSRF)"],"cweDetailsListForSearch":["cwe: CWE-918: Server-Side Request Forgery (SSRF)","cweUrl: https://cwe.mitre.org/data/definitions/918.html"],"unformattedDescription":"Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.","mitreText":"CVE-2026-26150","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26150","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":4,"latestSoftwareRelease":"N/A","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Purview","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"8.6","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-918: Server-Side Request Forgery (SSRF)","https://cwe.mitre.org/data/definitions/918.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>\n<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>\n<p>Please see <a href=\"https://aka.ms/MSRC-Cloud-CVEs\">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>\n","ordinal":10000},{"title":"Microsoft Purview Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26150","version":1,"revisionDate":"2026-04-23T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"2e6a6293-8f1c-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00007e1ea5fb","releaseDate":"2026-04-23T07:00:00-07:00","cveNumber":"CVE-2026-33819","cveTitle":"Microsoft Bing Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-23T07:00:00-07:00","description":"<p>Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.</p>\n","cweList":["CWE-502: Deserialization of Untrusted Data"],"cweDetailsListForSearch":["cwe: CWE-502: Deserialization of Untrusted Data","cweUrl: https://cwe.mitre.org/data/definitions/502.html"],"unformattedDescription":"Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-33819","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33819","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":4,"latestSoftwareRelease":"N/A","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Bing","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"10.0","temporalScore":"8.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-502: Deserialization of Untrusted Data","https://cwe.mitre.org/data/definitions/502.html"]}],"articles":[{"title":"Microsoft Bing Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.</p>\n","ordinal":10000},{"title":"Microsoft Bing Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>\n<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>\n<p>Please see <a href=\"https://aka.ms/MSRC-Cloud-CVEs\">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33819","version":1,"revisionDate":"2026-04-23T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"d47c053c-212e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000055d99044","releaseDate":"2026-04-23T07:00:00-07:00","cveNumber":"CVE-2026-33102","cveTitle":"Microsoft 365 Copilot Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-23T07:00:00-07:00","description":"<p>Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.</p>\n","cweList":["CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"],"cweDetailsListForSearch":["cwe: CWE-601: URL Redirection to Untrusted Site ('Open Redirect')","cweUrl: https://cwe.mitre.org/data/definitions/601.html"],"unformattedDescription":"Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.","mitreText":"CVE-2026-33102","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33102","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":4,"latestSoftwareRelease":"N/A","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"M365 Copilot","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"9.3","temporalScore":"8.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-601: URL Redirection to Untrusted Site ('Open Redirect')","https://cwe.mitre.org/data/definitions/601.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>\n<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>\n<p>Please see <a href=\"https://aka.ms/MSRC-Cloud-CVEs\">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>\n","ordinal":10000},{"title":"M365 Copilot Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33102","version":1,"revisionDate":"2026-04-23T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"ff9c04cc-6229-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000fa1eb5a0","releaseDate":"2026-04-23T07:00:00-07:00","cveNumber":"CVE-2026-32210","cveTitle":"Microsoft Dynamics 365 (online) Spoofing Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-23T07:00:00-07:00","description":"<p>Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.</p>\n","cweList":["CWE-918: Server-Side Request Forgery (SSRF)"],"cweDetailsListForSearch":["cwe: CWE-918: Server-Side Request Forgery (SSRF)","cweUrl: https://cwe.mitre.org/data/definitions/918.html"],"unformattedDescription":"Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-32210","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32210","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":4,"latestSoftwareRelease":"N/A","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Dynamics 365 (Online)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"9.3","temporalScore":"8.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":false,"customerActionRequiredId":2,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-918: Server-Side Request Forgery (SSRF)","https://cwe.mitre.org/data/definitions/918.html"]}],"articles":[{"title":"Microsoft Dynamics 365 (Online) Spoofing Vulnerability","articleType":"100000000","description":"<p>Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>\n<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>\n<p>Please see <a href=\"https://aka.ms/MSRC-Cloud-CVEs\">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32210","version":1,"revisionDate":"2026-04-23T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"af076647-7028-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000019beba7e","releaseDate":"2026-04-23T01:11:06-07:00","cveNumber":"CVE-2026-6409","cveTitle":"Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:49:27-07:00","cweList":["CWE-20: Improper Input Validation"],"cweDetailsListForSearch":["cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html"],"mitreText":"CVE-2026-6409","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6409","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Google","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-6409","version":1,"revisionDate":"2026-04-23T01:11:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d570194a-b13e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-6409","version":3,"revisionDate":"2026-04-29T14:50:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bcd338b9-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-6409","version":2,"revisionDate":"2026-04-24T14:44:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e6bd1025-ec3f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-6409","version":4,"revisionDate":"2026-04-30T01:49:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3a4ceed1-3644-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d85b427e","releaseDate":"2026-04-23T01:10:06-07:00","cveNumber":"CVE-2026-31521","cveTitle":"module: Fix kernel panic when a symbol st_shndx is out of bounds","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:13:42-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31521","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31521","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31521","version":3,"revisionDate":"2026-04-29T14:49:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"522caea0-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31521","version":1,"revisionDate":"2026-04-23T01:10:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1eee652a-b13e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31521","version":1.1,"revisionDate":"2026-04-23T14:41:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cc0e9c79-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31521","version":2,"revisionDate":"2026-04-24T01:39:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1841fb72-7e3f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31521","version":4,"revisionDate":"2026-04-30T01:13:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3cfcf0ce-3144-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000044d27bb","releaseDate":"2026-04-23T01:09:55-07:00","cveNumber":"CVE-2026-31473","cveTitle":"media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:49:06-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31473","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31473","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31473","version":1,"revisionDate":"2026-04-23T01:09:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4da35820-b13e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31473","version":2,"revisionDate":"2026-04-24T01:39:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c3d0b26f-7e3f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31473","version":3,"revisionDate":"2026-04-29T01:01:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"89b951fa-6643-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31473","version":4,"revisionDate":"2026-04-29T14:49:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9f23ab93-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31473","version":1.1,"revisionDate":"2026-04-23T14:41:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8c830a73-223f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000035ef30d3","releaseDate":"2026-04-23T01:09:49-07:00","cveNumber":"CVE-2026-31450","cveTitle":"ext4: publish jinode after initialization","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:48:51-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31450","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31450","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31450","version":1,"revisionDate":"2026-04-23T01:09:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"48a35820-b13e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31450","version":1.1,"revisionDate":"2026-04-23T14:40:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bbcbce71-223f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31450","version":2,"revisionDate":"2026-04-24T01:39:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"66fa2669-7e3f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31450","version":3,"revisionDate":"2026-04-29T14:48:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c5e67d87-da43-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00009dc1ce5d","releaseDate":"2026-04-23T01:09:44-07:00","cveNumber":"CVE-2026-31494","cveTitle":"net: macb: use the current queue number for stats","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:13:23-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31494","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31494","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31494","version":3,"revisionDate":"2026-04-29T14:48:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7dbc0081-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31494","version":1,"revisionDate":"2026-04-23T01:09:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e2e5261d-b13e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31494","version":1.1,"revisionDate":"2026-04-23T14:40:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f3caab6c-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31494","version":2,"revisionDate":"2026-04-24T01:39:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c567666a-7e3f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31494","version":4,"revisionDate":"2026-04-30T01:13:23-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fe63d1c8-3144-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000aab93866","releaseDate":"2026-04-23T01:09:38-07:00","cveNumber":"CVE-2026-31512","cveTitle":"Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:48:21-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31512","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31512","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31512","version":3,"revisionDate":"2026-04-29T14:48:18-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7f85fa73-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31512","version":1,"revisionDate":"2026-04-23T01:09:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9088f514-b13e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31512","version":2,"revisionDate":"2026-04-23T14:40:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"99a65166-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31512","version":4,"revisionDate":"2026-04-30T01:13:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2edeaac2-3144-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31512","version":5,"revisionDate":"2026-04-30T01:48:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1e6362aa-3644-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000067d87f18","releaseDate":"2026-04-23T01:09:33-07:00","cveNumber":"CVE-2026-31492","cveTitle":"RDMA/irdma: Initialize free_qp completion before using it","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:48:09-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31492","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31492","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31492","version":1,"revisionDate":"2026-04-23T01:09:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2d0e2f12-b13e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31492","version":2,"revisionDate":"2026-04-23T14:40:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7ea65166-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31492","version":3,"revisionDate":"2026-04-29T14:48:01-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"65acbf6c-da43-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31492","version":4,"revisionDate":"2026-04-30T01:13:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a5fd45bc-3144-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31492","version":5,"revisionDate":"2026-04-30T01:48:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3b1166a4-3644-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000711fc545","releaseDate":"2026-04-23T01:09:27-07:00","cveNumber":"CVE-2026-31467","cveTitle":"erofs: add GFP_NOIO in the bio completion if needed","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:47:45-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31467","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31467","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31467","version":1,"revisionDate":"2026-04-23T01:09:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1a0e2f12-b13e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31467","version":2,"revisionDate":"2026-04-23T14:40:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7342b95f-223f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31467","version":3,"revisionDate":"2026-04-29T14:47:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e76af35f-da43-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000442ee008","releaseDate":"2026-04-23T01:09:22-07:00","cveNumber":"CVE-2026-31525","cveTitle":"bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:47:28-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31525","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31525","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31525","version":1,"revisionDate":"2026-04-23T01:09:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"74c6ac0b-b13e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31525","version":3,"revisionDate":"2026-04-29T14:47:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e39c7e58-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31525","version":1.1,"revisionDate":"2026-04-23T14:40:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a7c3155f-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31525","version":2,"revisionDate":"2026-04-24T01:39:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e5127161-7e3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000064d27bb","releaseDate":"2026-04-23T01:09:17-07:00","cveNumber":"CVE-2026-31453","cveTitle":"xfs: avoid dereferencing log items after push callbacks","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:47:12-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31453","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31453","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31453","version":1,"revisionDate":"2026-04-23T01:09:17-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"63c6ac0b-b13e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31453","version":2,"revisionDate":"2026-04-24T01:39:01-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"79c16e5f-7e3f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31453","version":1.1,"revisionDate":"2026-04-23T14:40:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fb15df58-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31453","version":3,"revisionDate":"2026-04-29T14:47:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6b37ab50-da43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000009946ce8","releaseDate":"2026-04-23T01:09:11-07:00","cveNumber":"CVE-2026-31498","cveTitle":"Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:47:57-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31498","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31498","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31498","version":3,"revisionDate":"2026-04-29T14:46:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"56410e45-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31498","version":4,"revisionDate":"2026-04-30T01:12:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"50cbaab3-3144-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31498","version":1,"revisionDate":"2026-04-23T01:09:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"daffb708-b13e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31498","version":2,"revisionDate":"2026-04-23T14:40:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f015df58-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31498","version":5,"revisionDate":"2026-04-30T01:47:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a6a0ad9d-3644-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000104591c3","releaseDate":"2026-04-23T01:09:06-07:00","cveNumber":"CVE-2026-31503","cveTitle":"udp: Fix wildcard bind conflict check when using hash2","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:12:38-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31503","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31503","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31503","version":1,"revisionDate":"2026-04-23T01:09:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"439d9f01-b13e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31503","version":3,"revisionDate":"2026-04-29T14:46:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"498a7338-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31503","version":2,"revisionDate":"2026-04-23T14:40:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"197d5852-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31503","version":4,"revisionDate":"2026-04-30T01:12:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a05573ae-3144-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000032ef30d3","releaseDate":"2026-04-23T01:09:00-07:00","cveNumber":"CVE-2026-31480","cveTitle":"tracing: Fix potential deadlock in cpu hotplug with osnoise","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:47:35-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31480","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31480","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31480","version":1,"revisionDate":"2026-04-23T01:09:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3b9d9f01-b13e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31480","version":2,"revisionDate":"2026-04-24T01:38:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d0092059-7e3f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31480","version":3,"revisionDate":"2026-04-29T01:02:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bbae1c08-6743-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31480","version":4,"revisionDate":"2026-04-29T14:46:15-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"960bed2b-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31480","version":1.1,"revisionDate":"2026-04-23T14:40:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ff7c5852-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31480","version":5,"revisionDate":"2026-04-30T01:47:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1b27ee8f-3644-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00004b752536","releaseDate":"2026-04-23T01:08:55-07:00","cveNumber":"CVE-2026-31528","cveTitle":"perf: Make sure to use pmu_ctx->pmu for groups","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:45:59-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31528","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31528","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31528","version":2,"revisionDate":"2026-04-24T01:38:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"286d2452-7e3f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31528","version":3,"revisionDate":"2026-04-29T14:45:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"48faa125-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31528","version":1,"revisionDate":"2026-04-23T01:08:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"edd27ffc-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31528","version":1.1,"revisionDate":"2026-04-23T14:40:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5964104c-223f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d063d875","releaseDate":"2026-04-23T01:08:44-07:00","cveNumber":"CVE-2026-31451","cveTitle":"ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:45:32-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31451","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31451","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31451","version":3,"revisionDate":"2026-04-29T14:45:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"41ebdb11-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31451","version":1,"revisionDate":"2026-04-23T01:08:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7cf93bf5-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31451","version":2,"revisionDate":"2026-04-23T14:39:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"78cde045-223f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b2007e93","releaseDate":"2026-04-23T01:08:38-07:00","cveNumber":"CVE-2026-31509","cveTitle":"nfc: nci: fix circular locking dependency in nci_close_device","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:12:16-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31509","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31509","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31509","version":2,"revisionDate":"2026-04-23T14:39:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d48d2e47-223f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31509","version":3,"revisionDate":"2026-04-29T14:45:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"403b970b-da43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31509","version":4,"revisionDate":"2026-04-30T01:12:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"604a6c9d-3144-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31509","version":1,"revisionDate":"2026-04-23T01:08:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"70f93bf5-b03e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000701fc545","releaseDate":"2026-04-23T01:08:32-07:00","cveNumber":"CVE-2026-31477","cveTitle":"ksmbd: fix memory leaks and NULL deref in smb2_lock()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:46:51-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31477","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31477","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31477","version":3,"revisionDate":"2026-04-29T01:01:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"533c4b00-6743-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31477","version":4,"revisionDate":"2026-04-29T14:45:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5e57eefe-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31477","version":1,"revisionDate":"2026-04-23T01:08:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a91309ef-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31477","version":2,"revisionDate":"2026-04-23T14:39:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d3fd3d3f-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31477","version":5,"revisionDate":"2026-04-30T01:46:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c2119f73-3644-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00000b946ce8","releaseDate":"2026-04-23T01:08:27-07:00","cveNumber":"CVE-2026-31478","cveTitle":"ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:46:36-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31478","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31478","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31478","version":2,"revisionDate":"2026-04-24T01:38:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bd28564a-7e3f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31478","version":3,"revisionDate":"2026-04-29T01:01:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5d3c4b00-6743-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31478","version":4,"revisionDate":"2026-04-29T14:44:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6627e7f2-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31478","version":1,"revisionDate":"2026-04-23T01:08:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"971309ef-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31478","version":1.1,"revisionDate":"2026-04-23T14:39:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cdfd3d3f-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31478","version":5,"revisionDate":"2026-04-30T01:46:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"581af06b-3644-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a9b93866","releaseDate":"2026-04-23T01:08:21-07:00","cveNumber":"CVE-2026-31522","cveTitle":"HID: magicmouse: avoid memory leak in magicmouse_report_fixup()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:11:54-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31522","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31522","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31522","version":1,"revisionDate":"2026-04-23T01:08:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"425882eb-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31522","version":3,"revisionDate":"2026-04-29T14:44:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"68f587ec-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31522","version":2,"revisionDate":"2026-04-23T14:39:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"826f4439-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31522","version":4,"revisionDate":"2026-04-30T01:11:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a81a898f-3144-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a2c1ce5d","releaseDate":"2026-04-23T01:08:16-07:00","cveNumber":"CVE-2026-31444","cveTitle":"ksmbd: fix use-after-free and NULL deref in smb_grant_oplock()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:44:13-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31444","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31444","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31444","version":1,"revisionDate":"2026-04-23T01:08:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d4cbb4e8-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31444","version":2,"revisionDate":"2026-04-23T14:39:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6b6f4439-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31444","version":3,"revisionDate":"2026-04-29T14:44:13-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3c91d5e5-d943-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000731fc545","releaseDate":"2026-04-23T01:08:10-07:00","cveNumber":"CVE-2026-31447","cveTitle":"ext4: reject mount if bigalloc with s_first_data_block != 0","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:43:57-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31447","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31447","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31447","version":1,"revisionDate":"2026-04-23T01:08:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ad0896e4-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31447","version":3,"revisionDate":"2026-04-29T14:43:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"58e49fd9-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31447","version":2,"revisionDate":"2026-04-23T14:39:19-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e233d332-223f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000075d0e920","releaseDate":"2026-04-23T01:08:05-07:00","cveNumber":"CVE-2026-31500","cveTitle":"Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:11:31-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31500","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31500","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31500","version":1,"revisionDate":"2026-04-23T01:08:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"132f39de-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31500","version":2,"revisionDate":"2026-04-24T01:38:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e5d31f41-7e3f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31500","version":3,"revisionDate":"2026-04-29T14:43:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6e50dcd2-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31500","version":1.1,"revisionDate":"2026-04-23T14:39:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cc9ac72c-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31500","version":4,"revisionDate":"2026-04-30T01:11:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"19fa2d83-3144-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000aa08148b","releaseDate":"2026-04-23T01:07:59-07:00","cveNumber":"CVE-2026-31439","cveTitle":"dmaengine: xilinx: xdma: Fix regmap init error handling","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:43:26-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31439","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31439","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31439","version":3,"revisionDate":"2026-04-29T14:43:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2230b3c5-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31439","version":1,"revisionDate":"2026-04-23T01:07:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"964fb0db-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31439","version":2,"revisionDate":"2026-04-23T14:39:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c39ac72c-223f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00007c172f4e","releaseDate":"2026-04-23T01:07:54-07:00","cveNumber":"CVE-2026-31507","cveTitle":"net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:11:14-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31507","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31507","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31507","version":3,"revisionDate":"2026-04-29T14:43:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1d00a9bf-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31507","version":1,"revisionDate":"2026-04-23T01:07:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"844fb0db-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31507","version":1.1,"revisionDate":"2026-04-23T14:39:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ce1caa26-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31507","version":2,"revisionDate":"2026-04-24T01:38:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"146c4b3a-7e3f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31507","version":4,"revisionDate":"2026-04-30T01:11:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d89ed67c-3144-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00000e946ce8","releaseDate":"2026-04-23T01:07:48-07:00","cveNumber":"CVE-2026-31448","cveTitle":"ext4: avoid infinite loops caused by residual data","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:42:49-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31448","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31448","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31448","version":1.1,"revisionDate":"2026-04-23T14:38:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4b147d25-223f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31448","version":1,"revisionDate":"2026-04-23T01:07:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"28afeed4-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31448","version":2,"revisionDate":"2026-04-24T01:37:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"126c4b3a-7e3f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31448","version":3,"revisionDate":"2026-04-29T14:42:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"314fb7af-d943-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000034d27bb","releaseDate":"2026-04-23T01:07:43-07:00","cveNumber":"CVE-2026-31483","cveTitle":"s390/syscalls: Add spectre boundary for syscall dispatch table","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:10:57-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31483","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31483","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31483","version":2,"revisionDate":"2026-04-24T01:37:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"542adc36-7e3f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31483","version":3,"revisionDate":"2026-04-29T14:42:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ae8ba1a5-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31483","version":4,"revisionDate":"2026-04-30T01:10:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d748c170-3144-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31483","version":1,"revisionDate":"2026-04-23T01:07:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"23afeed4-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31483","version":1.1,"revisionDate":"2026-04-23T14:38:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"45f6af20-223f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000038367600","releaseDate":"2026-04-23T01:07:37-07:00","cveNumber":"CVE-2026-31495","cveTitle":"netfilter: ctnetlink: use netlink policy range checks","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:10:44-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31495","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31495","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31495","version":3,"revisionDate":"2026-04-29T14:42:15-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"df6dea9e-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31495","version":1,"revisionDate":"2026-04-23T01:07:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"40137dce-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31495","version":2,"revisionDate":"2026-04-23T14:38:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2bf6af20-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31495","version":4,"revisionDate":"2026-04-30T01:10:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"25907f69-3144-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000039367600","releaseDate":"2026-04-23T01:07:32-07:00","cveNumber":"CVE-2026-31485","cveTitle":"spi: spi-fsl-lpspi: fix teardown order issue (UAF)","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:10:31-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31485","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31485","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31485","version":3,"revisionDate":"2026-04-29T14:41:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a555df92-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31485","version":1,"revisionDate":"2026-04-23T01:07:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"36137dce-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31485","version":2,"revisionDate":"2026-04-23T14:38:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f577441a-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31485","version":4,"revisionDate":"2026-04-30T01:10:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"81e57463-3144-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000084d27bb","releaseDate":"2026-04-23T01:07:26-07:00","cveNumber":"CVE-2026-31433","cveTitle":"ksmbd: fix potencial OOB in get_file_all_info() for compound requests","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:45:42-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31433","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31433","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31433","version":3,"revisionDate":"2026-04-29T14:41:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"04129286-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31433","version":1,"revisionDate":"2026-04-23T01:07:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b8bdf9c7-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31433","version":2,"revisionDate":"2026-04-23T14:38:32-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ef77441a-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31433","version":4,"revisionDate":"2026-04-30T01:45:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"48805d4a-3644-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b1007e93","releaseDate":"2026-04-23T01:07:21-07:00","cveNumber":"CVE-2026-31519","cveTitle":"btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:10:13-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31519","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31519","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31519","version":2,"revisionDate":"2026-04-23T14:38:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"15a57317-223f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31519","version":3,"revisionDate":"2026-04-29T14:41:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0ee81d80-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31519","version":1,"revisionDate":"2026-04-23T01:07:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a3bdf9c7-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31519","version":4,"revisionDate":"2026-04-30T01:10:13-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"93d45f56-3144-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000073d0e920","releaseDate":"2026-04-23T01:07:04-07:00","cveNumber":"CVE-2026-31520","cveTitle":"HID: apple: avoid memory leak in apple_report_fixup()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:40:47-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31520","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31520","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31520","version":3,"revisionDate":"2026-04-29T14:40:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"00d05866-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31520","version":1,"revisionDate":"2026-04-23T01:07:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"893babb9-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31520","version":2,"revisionDate":"2026-04-23T14:38:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"34a62b0d-223f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d8aa1da3","releaseDate":"2026-04-23T01:06:58-07:00","cveNumber":"CVE-2026-31446","cveTitle":"ext4: fix use-after-free in update_super_work when racing with umount","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:40:33-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31446","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31446","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31446","version":1,"revisionDate":"2026-04-23T01:06:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c6ec87b5-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31446","version":2,"revisionDate":"2026-04-23T14:38:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a1940107-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31446","version":3,"revisionDate":"2026-04-29T14:40:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7910645d-d943-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00004c752536","releaseDate":"2026-04-23T01:06:53-07:00","cveNumber":"CVE-2026-31518","cveTitle":"esp: fix skb leak with espintcp and async crypto","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:09:33-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31518","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31518","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31518","version":3,"revisionDate":"2026-04-29T14:40:18-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a0045a59-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31518","version":1,"revisionDate":"2026-04-23T01:06:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c695f8b2-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31518","version":2,"revisionDate":"2026-04-23T14:37:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4171d800-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31518","version":4,"revisionDate":"2026-04-30T01:09:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ed00943d-3144-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000068d87f18","releaseDate":"2026-04-23T01:06:47-07:00","cveNumber":"CVE-2026-31482","cveTitle":"s390/entry: Scrub r12 register on kernel entry","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:44:39-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31482","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31482","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31482","version":1,"revisionDate":"2026-04-23T01:06:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b4a401af-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31482","version":2,"revisionDate":"2026-04-23T14:37:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3971d800-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31482","version":3,"revisionDate":"2026-04-29T14:40:02-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4726ba4e-d943-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31482","version":4,"revisionDate":"2026-04-30T01:44:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2df9d528-3644-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a1c1ce5d","releaseDate":"2026-04-23T01:06:36-07:00","cveNumber":"CVE-2026-31454","cveTitle":"xfs: save ailp before dropping the AIL lock in push callbacks","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:39:34-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31454","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31454","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31454","version":2,"revisionDate":"2026-04-23T14:37:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7cf423fc-213f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31454","version":3,"revisionDate":"2026-04-29T14:39:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"00e9863d-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31454","version":1,"revisionDate":"2026-04-23T01:06:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3524a6ac-b03e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000074d0e920","releaseDate":"2026-04-23T01:06:31-07:00","cveNumber":"CVE-2026-31510","cveTitle":"Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:08:58-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31510","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31510","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31510","version":1,"revisionDate":"2026-04-23T01:06:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3177a7a7-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31510","version":3,"revisionDate":"2026-04-29T14:39:18-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"827db730-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31510","version":2,"revisionDate":"2026-04-23T14:37:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5e1ba9f3-213f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31510","version":4,"revisionDate":"2026-04-30T01:08:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4b69b92c-3144-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a708148b","releaseDate":"2026-04-23T01:06:25-07:00","cveNumber":"CVE-2026-31469","cveTitle":"virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:39:02-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31469","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31469","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31469","version":1,"revisionDate":"2026-04-23T01:06:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a871aea6-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31469","version":2,"revisionDate":"2026-04-23T14:37:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"521ba9f3-213f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31469","version":3,"revisionDate":"2026-04-29T14:39:02-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f4b42128-d943-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d163d875","releaseDate":"2026-04-23T01:06:20-07:00","cveNumber":"CVE-2026-31441","cveTitle":"dmaengine: idxd: Fix memory leak when a wq is reset","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:38:46-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31441","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31441","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31441","version":2,"revisionDate":"2026-04-23T14:37:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a76d75ec-213f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31441","version":3,"revisionDate":"2026-04-29T14:38:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"28709a1d-d943-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31441","version":1,"revisionDate":"2026-04-23T01:06:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"648bdc9f-b03e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a0c1ce5d","releaseDate":"2026-04-23T01:06:03-07:00","cveNumber":"CVE-2026-31464","cveTitle":"scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:44:02-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31464","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31464","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31464","version":1,"revisionDate":"2026-04-23T01:06:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f3069099-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31464","version":3,"revisionDate":"2026-04-29T15:02:23-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4609976b-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31464","version":2,"revisionDate":"2026-04-23T14:37:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1abb46e7-213f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31464","version":4,"revisionDate":"2026-04-30T01:44:02-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f8bad50e-3644-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00006e1fc545","releaseDate":"2026-04-23T01:05:41-07:00","cveNumber":"CVE-2026-31497","cveTitle":"Bluetooth: btusb: clamp SCO altsetting table indices","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:07:53-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31497","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31497","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31497","version":3,"revisionDate":"2026-04-29T15:01:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5c89535e-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31497","version":4,"revisionDate":"2026-04-30T01:07:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a9c24305-3144-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31497","version":1,"revisionDate":"2026-04-23T01:05:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"22f72a8c-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31497","version":2,"revisionDate":"2026-04-23T14:43:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3a0b88cf-223f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00000e4591c3","releaseDate":"2026-04-23T01:05:36-07:00","cveNumber":"CVE-2026-31523","cveTitle":"nvme-pci: ensure we're polling a polled queue","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:07:37-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31523","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31523","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31523","version":1,"revisionDate":"2026-04-23T01:05:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"31059284-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31523","version":2,"revisionDate":"2026-04-23T14:43:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"406d78c8-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31523","version":3,"revisionDate":"2026-04-29T15:01:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2cdd7757-dc43-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31523","version":4,"revisionDate":"2026-04-30T01:07:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d4b419f6-3044-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000e1a287ab","releaseDate":"2026-04-23T01:05:25-07:00","cveNumber":"CVE-2026-31504","cveTitle":"net: fix fanout UAF in packet_release() via NETDEV_UP race","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:07:11-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31504","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31504","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31504","version":3,"revisionDate":"2026-04-29T15:01:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8f042652-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31504","version":4,"revisionDate":"2026-04-30T01:07:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2088ffeb-3044-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31504","version":1,"revisionDate":"2026-04-23T01:05:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9da3fc7e-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31504","version":2,"revisionDate":"2026-04-23T14:43:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e40f63c2-223f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00000d946ce8","releaseDate":"2026-04-23T01:05:19-07:00","cveNumber":"CVE-2026-31458","cveTitle":"mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0]","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T15:01:29-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31458","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31458","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31458","version":3,"revisionDate":"2026-04-29T15:01:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f78be14b-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31458","version":1,"revisionDate":"2026-04-23T01:05:19-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8ea3fc7e-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31458","version":2,"revisionDate":"2026-04-23T14:43:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d80f63c2-223f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00009fc1ce5d","releaseDate":"2026-04-23T01:05:14-07:00","cveNumber":"CVE-2026-31474","cveTitle":"can: isotp: fix tx.buf use-after-free in isotp_sendmsg()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T15:01:21-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31474","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31474","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31474","version":3,"revisionDate":"2026-04-29T15:01:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"62a6ad44-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31474","version":1,"revisionDate":"2026-04-23T01:05:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f82dd178-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31474","version":2,"revisionDate":"2026-04-23T14:43:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0d4950bc-223f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d5aa1da3","releaseDate":"2026-04-23T01:04:46-07:00","cveNumber":"CVE-2026-31476","cveTitle":"ksmbd: do not expire session on binding failure","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:53:14-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31476","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31476","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31476","version":3,"revisionDate":"2026-04-29T01:01:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"94b951fa-6643-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31476","version":1,"revisionDate":"2026-04-23T01:04:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"18ea866b-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31476","version":2,"revisionDate":"2026-04-23T14:42:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b1ec56b0-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31476","version":4,"revisionDate":"2026-04-29T15:00:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2984b530-dc43-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31476","version":5,"revisionDate":"2026-04-30T01:53:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"28144459-3744-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00003c367600","releaseDate":"2026-04-23T01:04:40-07:00","cveNumber":"CVE-2026-31455","cveTitle":"xfs: stop reclaim before pushing AIL during unmount","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T15:00:36-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31455","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31455","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31455","version":1,"revisionDate":"2026-04-23T01:04:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ed62f964-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31455","version":2,"revisionDate":"2026-04-23T14:42:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"89305aaa-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31455","version":3,"revisionDate":"2026-04-29T15:00:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"113c902a-dc43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00006bd87f18","releaseDate":"2026-04-23T01:04:35-07:00","cveNumber":"CVE-2026-31452","cveTitle":"ext4: convert inline data to extents when truncate exceeds inline size","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T15:00:27-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31452","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31452","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31452","version":3,"revisionDate":"2026-04-29T15:00:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6dd98c26-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31452","version":1,"revisionDate":"2026-04-23T01:04:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e062f964-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31452","version":2,"revisionDate":"2026-04-23T14:42:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7b305aaa-223f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000452ee008","releaseDate":"2026-04-23T01:04:29-07:00","cveNumber":"CVE-2026-31515","cveTitle":"af_key: validate families in pfkey_send_migrate()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:05:39-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31515","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31515","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31515","version":3,"revisionDate":"2026-04-29T15:00:17-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9be47d20-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31515","version":1,"revisionDate":"2026-04-23T01:04:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"daf0645e-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31515","version":2,"revisionDate":"2026-04-23T14:42:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"222f62a4-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31515","version":4,"revisionDate":"2026-04-30T01:05:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c88ae5b5-3044-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d3aa1da3","releaseDate":"2026-04-23T01:04:24-07:00","cveNumber":"CVE-2026-31496","cveTitle":"netfilter: nf_conntrack_expect: skip expectations in other netns via proc","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:05:23-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31496","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31496","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31496","version":3,"revisionDate":"2026-04-29T15:00:08-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bf3d9419-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-31496","version":1,"revisionDate":"2026-04-23T01:04:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d1f0645e-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31496","version":2,"revisionDate":"2026-04-23T14:42:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1d2f62a4-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31496","version":4,"revisionDate":"2026-04-30T01:05:23-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a142b3a8-3044-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000dfa287ab","releaseDate":"2026-04-23T01:04:07-07:00","cveNumber":"CVE-2026-31524","cveTitle":"HID: asus: avoid memory leak in asus_report_fixup()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-30T01:04:37-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-31524","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-31524","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"Linux","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-31524","version":1,"revisionDate":"2026-04-23T01:04:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e51e6c51-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31524","version":2,"revisionDate":"2026-04-23T14:42:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3eab5397-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31524","version":3,"revisionDate":"2026-04-29T14:59:44-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a9fc160c-dc43-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-31524","version":4,"revisionDate":"2026-04-30T01:04:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0474828f-3044-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000fb48609e","releaseDate":"2026-04-23T01:04:01-07:00","cveNumber":"CVE-2026-40890","cveTitle":"github.com/gomarkdown/markdown: Out-of-bounds Read in SmartypantsRenderer","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:44:48-07:00","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"mitreText":"CVE-2026-40890","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40890","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-40890","version":1,"revisionDate":"2026-04-23T01:04:01-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8af1d24c-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-40890","version":2,"revisionDate":"2026-04-24T14:44:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d9bd1025-ec3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00002f011aea","releaseDate":"2026-04-23T01:03:37-07:00","cveNumber":"CVE-2026-40706","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:45:04-07:00","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"mitreText":"CVE-2026-40706","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40706","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"mitre","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"8.4","temporalScore":"8.4","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","vectorStringSource":"mitre","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-40706","version":1,"revisionDate":"2026-04-23T01:03:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d6468e3e-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-40706","version":2,"revisionDate":"2026-04-24T01:04:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c99cb39a-793f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-40706","version":3,"revisionDate":"2026-04-24T14:45:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fc0d7b2c-ec3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000098d01889","releaseDate":"2026-04-23T01:03:30-07:00","cveNumber":"CVE-2026-22015","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:44:41-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-22015","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-22015","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.3","temporalScore":"4.3","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-22015","version":1,"revisionDate":"2026-04-23T01:03:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ca468e3e-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-22015","version":2,"revisionDate":"2026-04-24T01:03:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8823da69-793f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-22015","version":3,"revisionDate":"2026-04-24T14:44:41-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dc30911e-ec3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000f362c8d0","releaseDate":"2026-04-23T01:03:25-07:00","cveNumber":"CVE-2026-35236","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:44:31-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-35236","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35236","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.9","temporalScore":"4.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-35236","version":1,"revisionDate":"2026-04-23T01:03:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6ceae437-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-35236","version":2,"revisionDate":"2026-04-24T01:04:28-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c9366588-793f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-35236","version":3,"revisionDate":"2026-04-24T14:44:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a5ea8d18-ec3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00009c1eb5a0","releaseDate":"2026-04-23T01:03:19-07:00","cveNumber":"CVE-2026-35240","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:44:20-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-35240","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35240","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.9","temporalScore":"4.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-35240","version":1,"revisionDate":"2026-04-23T01:03:19-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"66eae437-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-35240","version":2,"revisionDate":"2026-04-24T01:04:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8dc48a94-793f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-35240","version":3,"revisionDate":"2026-04-24T14:44:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6e6ef311-ec3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000097d01889","releaseDate":"2026-04-23T01:03:14-07:00","cveNumber":"CVE-2026-22005","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:44:09-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-22005","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-22005","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.9","temporalScore":"4.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-22005","version":2,"revisionDate":"2026-04-24T01:03:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"aaafb863-793f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-22005","version":3,"revisionDate":"2026-04-24T14:44:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"13f3f50a-ec3f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-22005","version":1,"revisionDate":"2026-04-23T01:03:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7cae8e30-b03e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00003245c02b","releaseDate":"2026-04-23T01:03:08-07:00","cveNumber":"CVE-2026-22004","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:43:58-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-22004","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-22004","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.9","temporalScore":"4.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-22004","version":1,"revisionDate":"2026-04-23T01:03:08-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e9ae722c-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-22004","version":2,"revisionDate":"2026-04-24T01:03:16-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"02839a60-793f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-22004","version":3,"revisionDate":"2026-04-24T14:43:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"946b0505-ec3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000003a3b613","releaseDate":"2026-04-23T01:03:03-07:00","cveNumber":"CVE-2026-22001","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:43:47-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-22001","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-22001","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"2.7","temporalScore":"2.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-22001","version":1,"revisionDate":"2026-04-23T01:03:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dbae722c-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-22001","version":3,"revisionDate":"2026-04-24T14:43:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4419a400-ec3f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-22001","version":2,"revisionDate":"2026-04-24T01:03:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e78c7d5a-793f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00001863c8d0","releaseDate":"2026-04-23T01:02:57-07:00","cveNumber":"CVE-2026-34276","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:43:36-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-34276","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34276","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34276","version":2,"revisionDate":"2026-04-24T01:03:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b6b42e79-793f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34276","version":1,"revisionDate":"2026-04-23T01:02:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b9f4962a-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34276","version":3,"revisionDate":"2026-04-24T14:43:36-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"857cb2f7-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000862dd063","releaseDate":"2026-04-23T01:02:51-07:00","cveNumber":"CVE-2026-34304","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:43:25-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-34304","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34304","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.9","temporalScore":"4.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34304","version":1,"revisionDate":"2026-04-23T01:02:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1d1f5424-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34304","version":2,"revisionDate":"2026-04-24T01:04:18-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2d0b5c85-793f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34304","version":3,"revisionDate":"2026-04-24T14:43:25-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e7a679f1-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000caa4a903","releaseDate":"2026-04-23T01:02:46-07:00","cveNumber":"CVE-2026-34308","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:43:14-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-34308","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34308","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34308","version":1,"revisionDate":"2026-04-23T01:02:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a1171b24-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34308","version":2,"revisionDate":"2026-04-24T01:04:23-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c7366588-793f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34308","version":3,"revisionDate":"2026-04-24T14:43:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"27bb80eb-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000021a27706","releaseDate":"2026-04-23T01:02:40-07:00","cveNumber":"CVE-2026-34303","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:42:59-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-34303","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34303","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34303","version":1,"revisionDate":"2026-04-23T01:02:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"64fe791c-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34303","version":2,"revisionDate":"2026-04-24T01:04:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"69c94382-793f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34303","version":3,"revisionDate":"2026-04-24T14:42:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8d20c6e4-eb3f-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000b2d76f73","releaseDate":"2026-04-23T01:02:35-07:00","cveNumber":"CVE-2026-34267","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:42:48-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-34267","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34267","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.9","temporalScore":"4.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34267","version":1,"revisionDate":"2026-04-23T01:02:35-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5afe791c-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34267","version":2,"revisionDate":"2026-04-24T01:03:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"140eee6c-793f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34267","version":3,"revisionDate":"2026-04-24T14:42:48-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4b14bed8-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00006dc3f0b5","releaseDate":"2026-04-23T01:02:29-07:00","cveNumber":"CVE-2026-35238","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:42:37-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-35238","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35238","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.9","temporalScore":"4.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-35238","version":1,"revisionDate":"2026-04-23T01:02:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a66afe15-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-35238","version":2,"revisionDate":"2026-04-24T01:04:38-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b8154c90-793f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-35238","version":3,"revisionDate":"2026-04-24T14:42:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"557052d2-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000ceb967ce","releaseDate":"2026-04-23T01:02:24-07:00","cveNumber":"CVE-2026-22017","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:42:26-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-22017","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-22017","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-22017","version":3,"revisionDate":"2026-04-24T14:42:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e02c7fd0-eb3f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-22017","version":1,"revisionDate":"2026-04-23T01:02:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2c53db16-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-22017","version":2,"revisionDate":"2026-04-24T01:03:37-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"120eee6c-793f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d400adfb","releaseDate":"2026-04-23T01:02:18-07:00","cveNumber":"CVE-2026-22002","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:42:15-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-22002","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-22002","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.9","temporalScore":"4.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-22002","version":2,"revisionDate":"2026-04-24T01:03:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"babf925d-793f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-22002","version":3,"revisionDate":"2026-04-24T14:42:15-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d2e252c5-eb3f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-22002","version":1,"revisionDate":"2026-04-23T01:02:18-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"315d960e-b03e-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000055935c43","releaseDate":"2026-04-23T01:02:13-07:00","cveNumber":"CVE-2026-34271","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:42:04-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-34271","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34271","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34271","version":1,"revisionDate":"2026-04-23T01:02:13-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3cec9b0d-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34271","version":2,"revisionDate":"2026-04-24T01:03:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b5c96e70-793f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34271","version":3,"revisionDate":"2026-04-24T14:42:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c318afbe-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000015aa0dfe","releaseDate":"2026-04-23T01:02:07-07:00","cveNumber":"CVE-2026-34293","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:41:53-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-34293","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34293","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.9","temporalScore":"4.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34293","version":1,"revisionDate":"2026-04-23T01:02:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f0815a08-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34293","version":2,"revisionDate":"2026-04-24T01:04:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a34e3d7c-793f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34293","version":3,"revisionDate":"2026-04-24T14:41:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"187ad9b7-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000ba1eb5a0","releaseDate":"2026-04-23T01:02:02-07:00","cveNumber":"CVE-2026-34270","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:41:42-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-34270","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34270","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34270","version":1,"revisionDate":"2026-04-23T01:02:02-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e3406a06-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-34270","version":2,"revisionDate":"2026-04-24T01:03:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"af900873-793f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34270","version":3,"revisionDate":"2026-04-24T14:41:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"371478b1-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000db47f228","releaseDate":"2026-04-23T01:01:56-07:00","cveNumber":"CVE-2026-22009","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:41:31-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-22009","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-22009","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-22009","version":1,"revisionDate":"2026-04-23T01:01:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cb406a06-b03e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-22009","version":2,"revisionDate":"2026-04-24T01:03:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4d05d266-793f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-22009","version":3,"revisionDate":"2026-04-24T14:41:31-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dd6503ab-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00008ed76f73","releaseDate":"2026-04-23T01:01:51-07:00","cveNumber":"CVE-2026-35237","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:41:20-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-35237","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35237","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.9","temporalScore":"4.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-35237","version":2,"revisionDate":"2026-04-24T01:04:33-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6732838e-793f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-35237","version":1,"revisionDate":"2026-04-23T01:01:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c0493a02-b03e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-35237","version":3,"revisionDate":"2026-04-24T14:41:20-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d5b386a4-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000fd835fbc","releaseDate":"2026-04-23T01:01:45-07:00","cveNumber":"CVE-2026-21998","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:41:09-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-21998","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-21998","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.9","temporalScore":"4.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-21998","version":1,"revisionDate":"2026-04-23T01:01:45-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0e15ceff-af3e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-21998","version":2,"revisionDate":"2026-04-24T01:03:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dfaf6857-793f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-21998","version":3,"revisionDate":"2026-04-24T14:41:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"80cef99d-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000008389858","releaseDate":"2026-04-23T01:01:40-07:00","cveNumber":"CVE-2026-35239","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:40:58-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-35239","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35239","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.9","temporalScore":"4.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-35239","version":1,"revisionDate":"2026-04-23T01:01:40-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"79661bf9-af3e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-35239","version":2,"revisionDate":"2026-04-24T01:04:43-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8bc48a94-793f-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-35239","version":3,"revisionDate":"2026-04-24T14:40:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"17da7f97-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000092c3f0b5","releaseDate":"2026-04-23T01:01:34-07:00","cveNumber":"CVE-2026-34278","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:40:47-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2026-34278","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-34278","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"oracle","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.9","temporalScore":"4.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"oracle","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2026-34278","version":1,"revisionDate":"2026-04-23T01:01:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"890e6ff3-af3e-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34278","version":2,"revisionDate":"2026-04-24T01:04:02-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"984e3d7c-793f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-34278","version":3,"revisionDate":"2026-04-24T14:40:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"479f7f91-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00004733734d","releaseDate":"2026-04-22T01:01:51-07:00","cveNumber":"CVE-2026-5958","cveTitle":"Race Condition in GNU Sed","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:59:34-07:00","cweList":["CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition"],"cweDetailsListForSearch":["cwe: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition","cweUrl: https://cwe.mitre.org/data/definitions/367.html"],"mitreText":"CVE-2026-5958","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5958","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"CERT-PL","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition","https://cwe.mitre.org/data/definitions/367.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-5958","version":3,"revisionDate":"2026-04-29T14:59:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b1f37806-dc43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-5958","version":1,"revisionDate":"2026-04-22T01:01:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"44d1dcd5-e63d-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-5958","version":2,"revisionDate":"2026-04-24T01:41:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"13eacbb7-7e3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000aab35f96","releaseDate":"2026-04-21T07:00:00-07:00","cveNumber":"CVE-2026-40372","cveTitle":"ASP.NET Core Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-28T07:00:00-07:00","description":"<p>Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.</p>\n","cweList":["CWE-347: Improper Verification of Cryptographic Signature"],"cweDetailsListForSearch":["cwe: CWE-347: Improper Verification of Cryptographic Signature","cweUrl: https://cwe.mitre.org/data/definitions/347.html"],"unformattedDescription":"Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.","mitreText":"CVE-2026-40372","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40372","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"ASP.NET Core","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"9.1","temporalScore":"7.9","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-347: Improper Verification of Cryptographic Signature","https://cwe.mitre.org/data/definitions/347.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"title":"FAQ-Reference-CVE-2026-40372","articleType":"FAQ","description":"<p><strong>How do I know if I'm affected?</strong></p>\n<p>You are affected if all three of the following are true:</p>\n<ol>\n<li>Your application uses Microsoft.AspNetCore.DataProtection 10.0.6 from NuGet (directly, or through a package that depends on it such as Microsoft.AspNetCore.DataProtection.StackExchangeRedis).</li>\n<li>The NuGet copy of the library was actually loaded at runtime \u2014 not the shared framework copy. This typically means you deploy self-contained, or your installed shared framework is older than the NuGet package version.</li>\n<li>Your application runs on Linux, macOS, or another non-Windows OS.</li>\n</ol>\n<p>How do I determine if the vulnerable binary was loaded?</p>\n<p>Check application logs. The clearest symptom is users being logged out and repeated &quot;The payload was invalid&quot; errors in your logs after upgrading to 10.0.6.\nCheck your project file. Look for a PackageReference to Microsoft.AspNetCore.DataProtection version 10.0.6 in your .csproj file (or in a package that depends on it). You can also run dotnet list package to see resolved package versions.</p>\n<p>Inspect the binary on disk. See [https://file+.vscode-resource.vscode-cdn.net/c%3A/Users/shalter/Downloads/advisory-upd-1.md#technical-details]Technical details for how to distinguish the affected NuGet binary from the correct shared framework binary by file size.</p>\n<p><strong>Additional information</strong></p>\n<p>Shared framework deployments are not affected. If your application runs framework-dependent and the installed ASP.NET Core shared framework version is \u2265 your Microsoft.AspNetCore.DataProtection PackageReference version, the correct shared framework binary is loaded and the NuGet binary is never used.</p>\n<p>Windows deployments are not affected. On Windows, DataProtection uses CNG-based encryptors by default, which do not contain this bug. 8.0.x and 9.0.x packages are not affected. The defective code path was introduced during 10.0 development and was never backported.</p>\n<p>Windows with managed algorithms: If you run on Windows but explicitly opted into managed algorithms via UseCustomCryptographicAlgorithms, you are also affected.\nOlder target frameworks: A smaller population running net462 / netstandard2.0 with Microsoft.AspNetCore.DataProtection 10.0.0\u201310.0.6 is affected on all operating systems. See [https://file+.vscode-resource.vscode-cdn.net/c%3A/Users/shalter/Downloads/advisory-upd-1.md#technical-details]Technical details for specifics.</p>\n<p><a href=\"https://github.com/dotnet/announcements/issues/395\">https://github.com/dotnet/announcements/issues/395</a></p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and integrity (I:H), but could lead to no loss of availability (A:N). What does that mean for this vulnerability?</strong></p>\n<p>Exploiting this vulnerability could allow an attacker to disclose files and modify data, but the attacker cannot impact the availability of the system.</p>\n","ordinal":10000},{"title":"ASP.NET Core Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Improper verification of cryptographic signature in ASP.NET Core allows an authorized attacker to elevate privileges over a network.</p>\n","ordinal":10000},{"title":"ASP.NET Core Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-40372","version":1,"revisionDate":"2026-04-21T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d6323d3f-743a-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-40372","version":2,"revisionDate":"2026-04-28T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>This CVE has been updated to include the Visual Studios 2026 18.5 as an Affected Software</p>\n","unformattedDescription":"This CVE has been updated to include the Visual Studios 2026 18.5 as an Affected Software","notificationNeeded":false,"notificationSent":false,"sourceId":"f9f0ac17-2943-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-00007ccb217d","releaseDate":"2026-04-21T01:01:24-07:00","cveNumber":"CVE-2026-41254","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:59:03-07:00","cweList":["CWE-696: Incorrect Behavior Order"],"cweDetailsListForSearch":["cwe: CWE-696: Incorrect Behavior Order","cweUrl: https://cwe.mitre.org/data/definitions/696.html"],"mitreText":"CVE-2026-41254","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41254","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"mitre","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.0","temporalScore":"4.0","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L","vectorStringSource":"mitre","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-696: Incorrect Behavior Order","https://cwe.mitre.org/data/definitions/696.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-41254","version":2,"revisionDate":"2026-04-29T01:41:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cadbd98a-6c43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-41254","version":1,"revisionDate":"2026-04-21T01:01:24-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f5d08398-1d3d-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-41254","version":3,"revisionDate":"2026-04-29T14:59:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4cebedf6-db43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000076d67c65","releaseDate":"2026-04-19T01:01:39-07:00","cveNumber":"CVE-2026-5160","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:58:47-07:00","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html"],"mitreText":"CVE-2026-5160","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-5160","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"snyk","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.1","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","vectorStringSource":"snyk","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-5160","version":1,"revisionDate":"2026-04-19T01:01:39-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"22cbab50-8b3b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-5160","version":3,"revisionDate":"2026-04-22T14:39:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f8694403-593e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-5160","version":4,"revisionDate":"2026-04-23T01:38:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"44e91632-b53e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-5160","version":2,"revisionDate":"2026-04-20T14:39:30-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"286987b9-c63c-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-5160","version":5,"revisionDate":"2026-04-29T14:58:47-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"40e39ce8-db43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00004c2aaa7b","releaseDate":"2026-04-18T01:02:04-07:00","cveNumber":"CVE-2025-70873","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:40:34-07:00","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2025-70873","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2025-70873","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"mitre","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","vectorStringSource":"CISA ADP","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[],"revisions":[{"cveNumber":"CVE-2025-70873","version":1,"revisionDate":"2026-04-18T01:02:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d1586835-c23a-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2025-70873","version":2,"revisionDate":"2026-04-18T14:41:29-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"930326aa-343b-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2025-70873","version":3,"revisionDate":"2026-04-24T14:40:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3557848b-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d5560e73","releaseDate":"2026-04-18T01:01:50-07:00","cveNumber":"CVE-2026-27820","cveTitle":"zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:50:27-07:00","cweList":["CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"],"cweDetailsListForSearch":["cwe: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')","cweUrl: https://cwe.mitre.org/data/definitions/120.html"],"mitreText":"CVE-2026-27820","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27820","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')","https://cwe.mitre.org/data/definitions/120.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-27820","version":2,"revisionDate":"2026-04-23T01:11:19-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"19de7950-b13e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-27820","version":1,"revisionDate":"2026-04-18T01:01:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2d93bf28-c23a-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-27820","version":3,"revisionDate":"2026-04-23T14:40:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fecaab6c-223f-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-27820","version":4,"revisionDate":"2026-04-29T14:50:27-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9a64b1c4-da43-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000040beba7e","releaseDate":"2026-04-17T07:00:59-07:00","cveNumber":"CVE-2026-6307","cveTitle":"Chromium: CVE-2026-6307 Type Confusion in Turbofan","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:59-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6307","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6307","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6307","version":1,"revisionDate":"2026-04-17T07:00:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"1063b2c2-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000041beba7e","releaseDate":"2026-04-17T07:00:58-07:00","cveNumber":"CVE-2026-6306","cveTitle":"Chromium: CVE-2026-6306 Heap buffer overflow in PDFium","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:58-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6306","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6306","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6306","version":1,"revisionDate":"2026-04-17T07:00:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"fe62b2c2-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00003ebeba7e","releaseDate":"2026-04-17T07:00:57-07:00","cveNumber":"CVE-2026-6305","cveTitle":"Chromium: CVE-2026-6305 Heap buffer overflow in PDFium","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:57-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6305","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6305","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6305","version":1,"revisionDate":"2026-04-17T07:00:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"e862b2c2-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00003fbeba7e","releaseDate":"2026-04-17T07:00:56-07:00","cveNumber":"CVE-2026-6304","cveTitle":"Chromium: CVE-2026-6304 Use after free in Graphite","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:56-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6304","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6304","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6304","version":1,"revisionDate":"2026-04-17T07:00:56-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"d662b2c2-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000044beba7e","releaseDate":"2026-04-17T07:00:55-07:00","cveNumber":"CVE-2026-6303","cveTitle":"Chromium: CVE-2026-6303 Use after free in Codecs","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:55-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6303","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6303","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6303","version":1,"revisionDate":"2026-04-17T07:00:55-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"fb26b7bc-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000045beba7e","releaseDate":"2026-04-17T07:00:54-07:00","cveNumber":"CVE-2026-6302","cveTitle":"Chromium: CVE-2026-6302 Use after free in Video","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:54-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6302","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6302","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6302","version":1,"revisionDate":"2026-04-17T07:00:54-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"e926b7bc-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000042beba7e","releaseDate":"2026-04-17T07:00:53-07:00","cveNumber":"CVE-2026-6301","cveTitle":"Chromium: CVE-2026-6301 Type Confusion in Turbofan","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:53-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6301","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6301","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6301","version":1,"revisionDate":"2026-04-17T07:00:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"d726b7bc-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000043beba7e","releaseDate":"2026-04-17T07:00:52-07:00","cveNumber":"CVE-2026-6300","cveTitle":"Chromium: CVE-2026-6300 Use after free in CSS","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:52-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6300","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6300","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6300","version":1,"revisionDate":"2026-04-17T07:00:52-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"c126b7bc-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000098ee4ef1","releaseDate":"2026-04-17T07:00:51-07:00","cveNumber":"CVE-2026-6299","cveTitle":"Chromium: CVE-2026-6299 Use after free in Prerender","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:51-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6299","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6299","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6299","version":1,"revisionDate":"2026-04-17T07:00:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"af26b7bc-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-000097ee4ef1","releaseDate":"2026-04-17T07:00:50-07:00","cveNumber":"CVE-2026-6298","cveTitle":"Chromium: CVE-2026-6298 Heap buffer overflow in Skia","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:50-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6298","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6298","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6298","version":1,"revisionDate":"2026-04-17T07:00:50-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"9926b7bc-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00009eee4ef1","releaseDate":"2026-04-17T07:00:49-07:00","cveNumber":"CVE-2026-6297","cveTitle":"Chromium: CVE-2026-6297 Use after free in Proxy","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:49-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6297","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6297","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6297","version":1,"revisionDate":"2026-04-17T07:00:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"8726b7bc-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00009dee4ef1","releaseDate":"2026-04-17T07:00:46-07:00","cveNumber":"CVE-2026-6296","cveTitle":"Chromium: CVE-2026-6296 Heap buffer overflow in ANGLE","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:46-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6296","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6296","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6296","version":1,"revisionDate":"2026-04-17T07:00:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7326b7bc-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000e179a74e","releaseDate":"2026-04-17T07:00:14-07:00","cveNumber":"CVE-2026-6364","cveTitle":"Chromium: CVE-2026-6364 Out of bounds read in Skia","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:14-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6364","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6364","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6364","version":1,"revisionDate":"2026-04-17T07:00:14-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"c326afc8-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000e679a74e","releaseDate":"2026-04-17T07:00:13-07:00","cveNumber":"CVE-2026-6363","cveTitle":"Chromium: CVE-2026-6363 Type Confusion in V8","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:13-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6363","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6363","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6363","version":1,"revisionDate":"2026-04-17T07:00:13-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"b126afc8-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000e779a74e","releaseDate":"2026-04-17T07:00:12-07:00","cveNumber":"CVE-2026-6362","cveTitle":"Chromium: CVE-2026-6362 Use after free in Codecs","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:12-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6362","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6362","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6362","version":1,"revisionDate":"2026-04-17T07:00:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"9f26afc8-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000e479a74e","releaseDate":"2026-04-17T07:00:11-07:00","cveNumber":"CVE-2026-6361","cveTitle":"Chromium: CVE-2026-6361 Heap buffer overflow in PDFium","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:11-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6361","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6361","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6361","version":1,"revisionDate":"2026-04-17T07:00:11-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"8926afc8-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000e579a74e","releaseDate":"2026-04-17T07:00:10-07:00","cveNumber":"CVE-2026-6360","cveTitle":"Chromium: CVE-2026-6360 Use after free in FileSystem","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:10-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6360","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6360","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6360","version":1,"revisionDate":"2026-04-17T07:00:10-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7726afc8-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000a04913dc","releaseDate":"2026-04-17T07:00:09-07:00","cveNumber":"CVE-2026-6318","cveTitle":"Chromium: CVE-2026-6318 Use after free in Codecs","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:09-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6318","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6318","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6318","version":1,"revisionDate":"2026-04-17T07:00:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"4f26afc8-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00000b1cb166","releaseDate":"2026-04-17T07:00:09-07:00","cveNumber":"CVE-2026-6359","cveTitle":"Chromium: CVE-2026-6359 Use after free in Video","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:09-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6359","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6359","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6359","version":1,"revisionDate":"2026-04-17T07:00:09-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"6126afc8-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000a54913dc","releaseDate":"2026-04-17T07:00:08-07:00","cveNumber":"CVE-2026-6317","cveTitle":"Chromium: CVE-2026-6317 Use after free in Cast","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:08-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6317","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6317","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6317","version":1,"revisionDate":"2026-04-17T07:00:08-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"3d26afc8-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000a64913dc","releaseDate":"2026-04-17T07:00:06-07:00","cveNumber":"CVE-2026-6316","cveTitle":"Chromium: CVE-2026-6316 Use after free in Forms","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:06-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6316","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6316","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6316","version":1,"revisionDate":"2026-04-17T07:00:06-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"2726afc8-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000a44913dc","releaseDate":"2026-04-17T07:00:05-07:00","cveNumber":"CVE-2026-6314","cveTitle":"Chromium: CVE-2026-6314 Out of bounds write in GPU","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:05-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6314","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6314","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6314","version":1,"revisionDate":"2026-04-17T07:00:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"1526afc8-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000aa4913dc","releaseDate":"2026-04-17T07:00:04-07:00","cveNumber":"CVE-2026-6312","cveTitle":"Chromium: CVE-2026-6312 Insufficient policy enforcement in Passwords","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:04-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6312","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6312","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6312","version":1,"revisionDate":"2026-04-17T07:00:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"7263b2c2-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000a94913dc","releaseDate":"2026-04-17T07:00:04-07:00","cveNumber":"CVE-2026-6313","cveTitle":"Chromium: CVE-2026-6313 Insufficient policy enforcement in CORS","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:04-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6313","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6313","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6313","version":1,"revisionDate":"2026-04-17T07:00:04-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"8463b2c2-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000a74913dc","releaseDate":"2026-04-17T07:00:03-07:00","cveNumber":"CVE-2026-6311","cveTitle":"Chromium: CVE-2026-6311 Uninitialized Use in Accessibility","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:03-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6311","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6311","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6311","version":1,"revisionDate":"2026-04-17T07:00:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"6063b2c2-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000a84913dc","releaseDate":"2026-04-17T07:00:02-07:00","cveNumber":"CVE-2026-6310","cveTitle":"Chromium: CVE-2026-6310 Use after free in Dawn","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:02-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6310","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6310","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6310","version":1,"revisionDate":"2026-04-17T07:00:02-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"4a63b2c2-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00003abeba7e","releaseDate":"2026-04-17T07:00:01-07:00","cveNumber":"CVE-2026-6309","cveTitle":"Chromium: CVE-2026-6309 Use after free in Viz","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:01-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6309","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6309","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6309","version":1,"revisionDate":"2026-04-17T07:00:01-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"3863b2c2-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-00003bbeba7e","releaseDate":"2026-04-17T07:00:00-07:00","cveNumber":"CVE-2026-6308","cveTitle":"Chromium: CVE-2026-6308 Out of bounds read in Media","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T07:00:00-07:00","description":"<p>This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href=\"https://chromereleases.googleblog.com/2026\">Google Chrome Releases</a> for more information.</p>\n","cweList":[],"cweDetailsListForSearch":[],"unformattedDescription":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","mitreText":"CVE-2026-6308","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-6308","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Edge (Chromium-based)","issuingCna":"Chrome","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>\n<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>\n<p><strong>How can I see the version of the browser?</strong></p>\n<ol>\n<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>\n<li>Click on <strong>Help and Feedback</strong></li>\n<li>Click on <strong>About Microsoft Edge</strong></li>\n</ol>\n","ordinal":100},{"articleType":"FAQ","description":"<p><strong>What is the version information for this release?</strong></p>\n<table>\n<thead>\n<tr>\n<th>Microsoft Edge Version</th>\n<th>Date Released</th>\n<th>Based on Chromium Version</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>147.0.3912.72</td>\n<td>04/17/2026</td>\n<td>147.0.7727.102</td>\n</tr>\n</tbody>\n</table>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-6308","version":1,"revisionDate":"2026-04-17T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"2263b2c2-043a-f111-8ce1-000d3ac30a19"}]},{"id":"00000000-0000-0000-0000-0000f645a376","releaseDate":"2026-04-17T01:02:19-07:00","cveNumber":"CVE-2026-39956","cveTitle":"jq: Missing runtime type checks for _strindices lead to crash and limited memory disclosure","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:40:26-07:00","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"mitreText":"CVE-2026-39956","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-39956","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.1","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-39956","version":1,"revisionDate":"2026-04-17T01:02:19-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"21622113-f939-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-39956","version":2,"revisionDate":"2026-04-18T14:41:22-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8fa082a6-343b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-39956","version":3,"revisionDate":"2026-04-24T14:40:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"06259584-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00002b08148b","releaseDate":"2026-04-17T01:01:59-07:00","cveNumber":"CVE-2026-35469","cveTitle":"SpdyStream: DOS on CRI","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T01:01:59-07:00","cweList":["CWE-770: Allocation of Resources Without Limits or Throttling"],"cweDetailsListForSearch":["cwe: CWE-770: Allocation of Resources Without Limits or Throttling","cweUrl: https://cwe.mitre.org/data/definitions/770.html"],"mitreText":"CVE-2026-35469","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35469","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-770: Allocation of Resources Without Limits or Throttling","https://cwe.mitre.org/data/definitions/770.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-35469","version":1,"revisionDate":"2026-04-17T01:01:59-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f45fa705-f939-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-0000d5acdaca","releaseDate":"2026-04-17T01:01:51-07:00","cveNumber":"CVE-2026-40164","cveTitle":"jq: Algorithmic complexity DoS via hardcoded MurmurHash3 seed","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:40:19-07:00","cweList":["CWE-328: Use of Weak Hash"],"cweDetailsListForSearch":["cwe: CWE-328: Use of Weak Hash","cweUrl: https://cwe.mitre.org/data/definitions/328.html"],"mitreText":"CVE-2026-40164","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-40164","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.5","temporalScore":"7.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-328: Use of Weak Hash","https://cwe.mitre.org/data/definitions/328.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-40164","version":1,"revisionDate":"2026-04-17T01:01:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2fb180ff-f839-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-40164","version":2,"revisionDate":"2026-04-18T14:41:13-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"88a082a6-343b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-40164","version":3,"revisionDate":"2026-04-24T14:40:19-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ef249584-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b7150f04","releaseDate":"2026-04-17T01:01:42-07:00","cveNumber":"CVE-2026-39979","cveTitle":"jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counted Buffers","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:40:12-07:00","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"mitreText":"CVE-2026-39979","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-39979","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-39979","version":1,"revisionDate":"2026-04-17T01:01:42-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1fb180ff-f839-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-39979","version":2,"revisionDate":"2026-04-18T14:41:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0cf193a2-343b-f111-93fa-000d3afbc7d7"},{"cveNumber":"CVE-2026-39979","version":3,"revisionDate":"2026-04-24T14:40:12-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6cfa677e-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00001b8bb6a6","releaseDate":"2026-04-17T01:01:34-07:00","cveNumber":"CVE-2026-33948","cveTitle":"jq: Embedded-NUL Truncation in CLI JSON Input Path Causes Prefix-Only Validation of Malformed Input","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:40:05-07:00","cweList":["CWE-170: Improper Null Termination"],"cweDetailsListForSearch":["cwe: CWE-170: Improper Null Termination","cweUrl: https://cwe.mitre.org/data/definitions/170.html"],"mitreText":"CVE-2026-33948","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33948","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-170: Improper Null Termination","https://cwe.mitre.org/data/definitions/170.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-33948","version":1,"revisionDate":"2026-04-17T01:01:34-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"9a0d88f9-f839-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33948","version":2,"revisionDate":"2026-04-18T14:41:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d8a6569a-343b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33948","version":3,"revisionDate":"2026-04-24T14:40:05-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b80c2878-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000022d2fbd3","releaseDate":"2026-04-17T01:01:26-07:00","cveNumber":"CVE-2026-33947","cveTitle":"jq: Unbounded Recursion in jv_setpath(), jv_getpath() and delpaths_sorted()","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:39:58-07:00","cweList":["CWE-674: Uncontrolled Recursion"],"cweDetailsListForSearch":["cwe: CWE-674: Uncontrolled Recursion","cweUrl: https://cwe.mitre.org/data/definitions/674.html"],"mitreText":"CVE-2026-33947","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33947","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"6.2","temporalScore":"6.2","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-674: Uncontrolled Recursion","https://cwe.mitre.org/data/definitions/674.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-33947","version":1,"revisionDate":"2026-04-17T01:01:26-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"be1d38f3-f839-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33947","version":2,"revisionDate":"2026-04-18T14:40:53-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d3a6569a-343b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33947","version":3,"revisionDate":"2026-04-24T14:39:58-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a70c2878-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00009344811e","releaseDate":"2026-04-17T01:01:17-07:00","cveNumber":"CVE-2026-32316","cveTitle":"jq: Integer overflow in jvp_string_append() allows Heap-based Buffer Overflow","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-24T14:39:51-07:00","cweList":["CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"mitreText":"CVE-2026-32316","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32316","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"8.2","temporalScore":"8.2","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-32316","version":1,"revisionDate":"2026-04-17T01:01:17-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"c8b50eec-f839-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-32316","version":2,"revisionDate":"2026-04-18T14:40:46-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"50725494-343b-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-32316","version":3,"revisionDate":"2026-04-24T14:39:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"a62cf071-eb3f-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000033935c43","releaseDate":"2026-04-15T01:05:07-07:00","cveNumber":"CVE-2026-35201","cveTitle":"Discount has an Out-of-bounds Read in rdiscount","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-17T01:40:21-07:00","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"mitreText":"CVE-2026-35201","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-35201","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"GitHub_M","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"5.9","temporalScore":"5.9","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","vectorStringSource":"GitHub_M","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-35201","version":1,"revisionDate":"2026-04-15T01:05:07-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"bb20dc1f-6738-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-35201","version":3,"revisionDate":"2026-04-17T01:40:21-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"baed1e64-fe39-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-35201","version":2,"revisionDate":"2026-04-15T14:46:03-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6d9a33d0-d938-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000ff2de008","releaseDate":"2026-04-15T01:01:51-07:00","cveNumber":"CVE-2026-33555","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-29T14:57:49-07:00","cweList":["CWE-130: Improper Handling of Length Parameter Inconsistency"],"cweDetailsListForSearch":["cwe: CWE-130: Improper Handling of Length Parameter Inconsistency","cweUrl: https://cwe.mitre.org/data/definitions/130.html"],"mitreText":"CVE-2026-33555","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33555","latestSoftwareReleaseId":0,"olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Mariner","issuingCna":"mitre","issuingCnaId":100000002,"severityId":0,"impactId":0,"langCode":"en-US","baseScore":"4.0","temporalScore":"4.0","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N","vectorStringSource":"mitre","isMariner":true,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-130: Improper Handling of Length Parameter Inconsistency","https://cwe.mitre.org/data/definitions/130.html"]}],"articles":[],"revisions":[{"cveNumber":"CVE-2026-33555","version":2,"revisionDate":"2026-04-22T14:38:57-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"dc43bdfc-583e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33555","version":3,"revisionDate":"2026-04-29T14:57:49-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2163f4c7-db43-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-33555","version":1,"revisionDate":"2026-04-15T01:01:51-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"3877dbab-6638-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00008e4c1716","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32214","cveTitle":"Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.</p>\n","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"unformattedDescription":"Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-32214","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32214","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Universal Plug and Play (upnp.dll)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>\n<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is file content.</p>\n","ordinal":10000},{"title":"Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32214","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7b60b130-1c29-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000811ea5fb","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-33829","cveTitle":"Windows Snipping Tool Spoofing Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.</p>\n","cweList":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"],"cweDetailsListForSearch":["cwe: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweUrl: https://cwe.mitre.org/data/definitions/200.html"],"unformattedDescription":"Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-33829","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33829","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Snipping Tool","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000002,"severity":"Moderate","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"4.3","temporalScore":"3.8","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","https://cwe.mitre.org/data/definitions/200.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>\n<p>An attacker must induce the user into launching a crafted malicious link and confirming the launch of the Snipping Tool program.</p>\n","ordinal":10000},{"title":"Windows Snipping Tool Spoofing Vulnerability","articleType":"100000000","description":"<p>Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p>\n<p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>How could an attacker exploit this vulnerability?</strong></p>\n<p>An attacker could induce the user into clicking a specially crafted link in a Web browser or other URL source, by embedding it in a Web page or email message. If the user approves the launching of the link, the crafted URL can induce the computer to connect to an SMB server of the attacker\u2019s choosing, which would disclose the user\u2019s NTLMv2 hash to the attacker, who could use this to authenticate as the user.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33829","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"539880e2-f431-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000527c9be3","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-33824","cveTitle":"Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.</p>\n","cweList":["CWE-415: Double Free"],"cweDetailsListForSearch":["cwe: CWE-415: Double Free","cweUrl: https://cwe.mitre.org/data/definitions/415.html"],"unformattedDescription":"Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-33824","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33824","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows IKE Extension","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"9.8","temporalScore":"8.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-415: Double Free","https://cwe.mitre.org/data/definitions/415.html"]}],"articles":[{"title":"Windows IKE Extension Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>How could an attacker exploit this vulnerability?</strong></p>\n<p>An unauthenticated attacker could send specially crafted packets to a Windows machine with Internet Key Exchange (IKE) version 2 enabled, which could enable remote code execution.</p>\n","ordinal":10000},{"title":"Mitigation-CVE-2026-33824","articleType":"Mitigation","description":"<p>The following <a href=\"https://technet.microsoft.com/library/security/dn848375.aspx#Mitigation\">mitigating factors</a> might be helpful in your situation:</p>\n<p>Customers who cannot immediately install the security update can take one of the following actions, depending on their environment:</p>\n<ul>\n<li>Block inbound traffic on UDP ports 500 and 4500 for systems that do not use IKE.</li>\n<li>For systems that require IKE, configure firewall rules to allow inbound traffic on UDP ports 500 and 4500 only from known peer addresses.</li>\n</ul>\n<p><em><strong>These actions reduce the attack surface but do not replace installing the security update when it becomes available.</strong></em></p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33824","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f8f79c43-a92f-f111-939a-000d3ac5fb71"}]},{"id":"00000000-0000-0000-0000-000023da91cb","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-33827","cveTitle":"Windows TCP/IP Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-33827","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33827","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows TCP/IP","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.1","temporalScore":"7.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment.</p>\n","ordinal":10000},{"title":"Windows TCP/IP Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.</p>\n","ordinal":10000},{"title":"FAQ-Exploit-IPV6","articleType":"FAQ","description":"<p><strong>How could an attacker exploit this vulnerability?</strong></p>\n<p>An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, which could enable a remote code execution exploitation on that machine.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33827","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0b4052c6-e731-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000017a9fcd1","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-33115","cveTitle":"Microsoft Word Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-33115","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33115","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Word","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.4","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>\n<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>\n","ordinal":10000},{"title":"Microsoft Office Word Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>\n<p>Yes, the Preview Pane is an attack vector.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33115","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"fe245193-662d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b21da474","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-33114","cveTitle":"Microsoft Word Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p>\n","cweList":["CWE-822: Untrusted Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-822: Untrusted Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/822.html"],"unformattedDescription":"Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-33114","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33114","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Word","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.4","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-822: Untrusted Pointer Dereference","https://cwe.mitre.org/data/definitions/822.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>\n<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>\n","ordinal":10000},{"title":"Microsoft Office Word Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>\n<p>Yes, the Preview Pane is an attack vector.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33114","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ffc2fd7e-622d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000b31da474","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-33104","cveTitle":"Win32k Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-33104","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33104","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Win32K - GRFX","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"title":"Windows Win32K - GRFX Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33104","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"42f5dd49-332a-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000ba64e9a1","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-33103","cveTitle":"Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-28T07:00:00-07:00","description":"<p>Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally.</p>\n","cweList":["CWE-284: Improper Access Control"],"cweDetailsListForSearch":["cwe: CWE-284: Improper Access Control","cweUrl: https://cwe.mitre.org/data/definitions/284.html"],"unformattedDescription":"Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-33103","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33103","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Dynamics 365 (on-premises)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-284: Improper Access Control","https://cwe.mitre.org/data/definitions/284.html"]}],"articles":[{"title":"Microsoft Dynamics 365 (on-premises) Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>\n<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33103","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8a310409-7129-f111-93f8-000d3afbc7d7"},{"cveNumber":"CVE-2026-33103","version":1.1,"revisionDate":"2026-04-28T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Added acknowledgements. This is an informational change only.</p>\n","unformattedDescription":"Added acknowledgements. This is an informational change only.","notificationNeeded":false,"notificationSent":false,"sourceId":"3dcd08fe-1543-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000847b9a5c","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-33101","cveTitle":"Windows Print Spooler Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-33101","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33101","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Print Spooler Components","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Print Spooler Components Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33101","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"04d785d9-5f29-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00001ff041ff","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-33100","cveTitle":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-33100","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33100","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Ancillary Function Driver for WinSock","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"title":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33100","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5a5c2eab-5f29-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00004e286c69","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-33099","cveTitle":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-33099","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-33099","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Ancillary Function Driver for WinSock","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"title":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-33099","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cb15b661-5f29-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00002ac1beb8","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32225","cveTitle":"Windows Shell Security Feature Bypass Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.</p>\n","cweList":["CWE-693: Protection Mechanism Failure"],"cweDetailsListForSearch":["cwe: CWE-693: Protection Mechanism Failure","cweUrl: https://cwe.mitre.org/data/definitions/693.html"],"unformattedDescription":"Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.","mitreText":"CVE-2026-32225","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32225","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Shell","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-693: Protection Mechanism Failure","https://cwe.mitre.org/data/definitions/693.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>\n<p>This vulnerability could allow an attacker to bypass SmartScreen protections that rely on the Mark of the Web (MotW) to identify files originating from the internet.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>How could an attacker exploit this vulnerability?</strong></p>\n<p>An attacker could exploit this issue by convincing a user to open a specially crafted .lnk file delivered through email, a website download, or removable media. When opened, the shortcut causes Windows to launch commands or Control Panel applets without proper MotW handling, potentially allowing arbitrary command execution or loading attacker\u2011controlled DLLs.</p>\n","ordinal":10000},{"title":"Windows Shell Security Feature Bypass Vulnerability","articleType":"100000000","description":"<p>Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>\n<p>To successfully exploit this vulnerability, an attacker must convince a user to open a malicious link or shortcut file.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32225","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7fb2c23d-3729-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00005eaa0dfe","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32203","cveTitle":".NET and Visual Studio Denial of Service Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-20T07:00:00-07:00","description":"<p>Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.</p>\n","cweList":["CWE-121: Stack-based Buffer Overflow","CWE-20: Improper Input Validation"],"cweDetailsListForSearch":["cwe: CWE-121: Stack-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/121.html","cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html"],"unformattedDescription":"Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.","mitreText":"CVE-2026-32203","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32203","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":".NET and Visual Studio","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000001,"impact":"Denial of Service","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-121: Stack-based Buffer Overflow","https://cwe.mitre.org/data/definitions/121.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]}],"articles":[{"title":".NET and Visual Studio Denial of Service Vulnerability","articleType":"100000000","description":"<p>Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32203","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2ecd1ca7-1b27-f111-93f8-000d3afbc7d7"},{"cveNumber":"CVE-2026-32203","version":1.1,"revisionDate":"2026-04-20T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Download links fixed</p>\n","unformattedDescription":"Download links fixed","notificationNeeded":false,"notificationSent":false,"sourceId":"1b8d0019-403d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000015d92b7","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-26171","cveTitle":".NET Denial of Service Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-22T07:00:00-07:00","description":"<p>Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.</p>\n","cweList":["CWE-400: Uncontrolled Resource Consumption","CWE-611: Improper Restriction of XML External Entity Reference"],"cweDetailsListForSearch":["cwe: CWE-400: Uncontrolled Resource Consumption","cweUrl: https://cwe.mitre.org/data/definitions/400.html","cwe: CWE-611: Improper Restriction of XML External Entity Reference","cweUrl: https://cwe.mitre.org/data/definitions/611.html"],"unformattedDescription":"Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.","mitreText":"CVE-2026-26171","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26171","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":".NET","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000001,"impact":"Denial of Service","langCode":"en-US","baseScore":"7.5","temporalScore":"6.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-400: Uncontrolled Resource Consumption","https://cwe.mitre.org/data/definitions/400.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-611: Improper Restriction of XML External Entity Reference","https://cwe.mitre.org/data/definitions/611.html"]}],"articles":[{"title":".NET Denial of Service Vulnerability","articleType":"100000000","description":"<p>Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26171","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2935fc82-0727-f111-93f8-000d3afbc7d7"},{"cveNumber":"CVE-2026-26171","version":2,"revisionDate":"2026-04-22T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>The CVE was updated to include Powershell 7.6 and 7.5</p>\n","unformattedDescription":"The CVE was updated to include Powershell 7.6 and 7.5","notificationNeeded":false,"notificationSent":false,"sourceId":"ee832c83-cf3d-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000094935c43","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32201","cveTitle":"Microsoft SharePoint Server Spoofing Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.</p>\n","cweList":["CWE-20: Improper Input Validation"],"cweDetailsListForSearch":["cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html"],"unformattedDescription":"Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-32201","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32201","publiclyDisclosed":"No","exploited":"Yes","latestSoftwareReleaseId":0,"latestSoftwareRelease":"Exploitation Detected","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"6.5","temporalScore":"6.0","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]}],"articles":[{"title":"Microsoft Office SharePoint Spoofing Vulnerability","articleType":"100000000","description":"<p>Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p>\n<p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32201","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"1263291c-f423-f111-93f8-000d3afbc7d7"},{"cveNumber":"CVE-2026-32201","version":1.1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Added an acknowledgement. This is an informational change only.</p>\n","unformattedDescription":"Added an acknowledgement. This is an informational change only.","notificationNeeded":false,"notificationSent":false,"sourceId":"b6b4da55-4238-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000f91eb5a0","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32200","cveTitle":"Microsoft PowerPoint Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-32200","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32200","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office PowerPoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Microsoft Office PowerPoint Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>\n<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>How could an attacker exploit the vulnerability?</strong></p>\n<p>An attacker who successfully exploits this vulnerability could achieve remote code execution without user interaction.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>\n<p>No, the Preview Pane is not an attack vector.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32200","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"b4445c54-f323-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00007420d671","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32199","cveTitle":"Microsoft Excel Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-32199","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32199","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Excel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Microsoft Office Excel Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>\n<p>An attacker must send a user a malicious Office file and convince them to open it.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>\n<p>No, the Preview Pane is not an attack vector.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>\n<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32199","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"2b43c789-f223-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00000f957d14","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32198","cveTitle":"Microsoft Excel Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-32198","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32198","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Excel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Microsoft Office Excel Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>\n<p>No, the Preview Pane is not an attack vector.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>\n<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>\n<p>An attacker must send a user a malicious Office file and convince them to open it.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32198","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"675f5110-f223-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000066924b17","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32197","cveTitle":"Microsoft Excel Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-32197","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32197","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office Excel","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Microsoft Office Excel Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>\n<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>\n<p>An attacker must send a user a malicious Office file and convince them to open it.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>\n<p>No, the Preview Pane is not an attack vector.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32197","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d727b981-f123-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00000107f3b9","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32196","cveTitle":"Windows Admin Center Spoofing Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.</p>\n","cweList":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"cweDetailsListForSearch":["cwe: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweUrl: https://cwe.mitre.org/data/definitions/79.html"],"unformattedDescription":"Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.","mitreText":"CVE-2026-32196","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32196","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Admin Center","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"6.1","temporalScore":"5.3","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","https://cwe.mitre.org/data/definitions/79.html"]}],"articles":[{"title":"Windows Admin Center Spoofing Vulnerability","articleType":"100000000","description":"<p>Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p>\n<p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>\n<p>This vulnerability could lead to the attacker gaining the ability to interact with other tenant\u2019s applications and content.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>\n<p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32196","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"06f42f4f-ed23-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000037f041ff","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32190","cveTitle":"Microsoft Office Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.","mitreText":"CVE-2026-32190","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32190","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"8.4","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Microsoft Office Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>\n<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>\n<p>Yes, the Preview Pane is an attack vector.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32190","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"adf3d792-9e23-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00000707f3b9","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32176","cveTitle":"SQL Server Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"cweDetailsListForSearch":["cwe: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","cweUrl: https://cwe.mitre.org/data/definitions/89.html"],"unformattedDescription":"Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32176","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32176","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"SQL Server","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"6.7","temporalScore":"5.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","https://cwe.mitre.org/data/definitions/89.html"]}],"articles":[{"title":"SQL Server Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SQL sysadmin privileges.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p>\n<p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p>\n<p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p>\n<ul>\n<li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href=\"https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates\">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li>\n<li>Second, in the following table, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li>\n</ul>\n<p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product to apply this and future security updates.</p>\n<table>\n<thead>\n<tr>\n<th>Update Number</th>\n<th>Title</th>\n<th>Version</th>\n<th>Apply if current product version is\u2026</th>\n<th>This security update also includes servicing releases up through\u2026</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><strong>5083245</strong></td>\n<td>Security update for SQL Server 2025 CU3+GDR</td>\n<td>17.0.4030.1</td>\n<td>17.0.4006.2 - 17.0.4025.3</td>\n<td>KB5077896 -\u00a0Previous SQL2025 RTM CU3</td>\n</tr>\n<tr>\n<td><strong>5084814</strong></td>\n<td>Security update for SQL Server 2025 RTM+GDR</td>\n<td>17.0.1110.1</td>\n<td>17.0.1000.7 - 17.0.1105.2</td>\n<td>KB5077468 - Previous SQL2025 RTM GDR</td>\n</tr>\n<tr>\n<td><strong>5083252</strong></td>\n<td>Security update for SQL Server 2022 CU24+GDR</td>\n<td>16.0.4250.1</td>\n<td>16.0.4003.1 -\u00a016.0.4245.2</td>\n<td>KB5080999 - Previous SQL2022 RTM CU24</td>\n</tr>\n<tr>\n<td><strong>5084815</strong></td>\n<td>Security update for SQL Server 2022 RTM+GDR</td>\n<td>16.0.1175.1</td>\n<td>16.0.1000.6 -\u00a016.0.1170.5</td>\n<td>KB5077465 - Previous SQL2022 RTM GDR</td>\n</tr>\n<tr>\n<td><strong>5084816</strong></td>\n<td>Security update for SQL Server 2019 CU32+GDR</td>\n<td>15.0.4465.1</td>\n<td>15.0.4003.23 - 15.0.4460.4</td>\n<td>KB 5077469 - Previous SQL2019 RTM CU32 GDR</td>\n</tr>\n<tr>\n<td><strong>5084817</strong></td>\n<td>Security update for SQL Server 2019 RTM+GDR</td>\n<td>15.0.2165.1</td>\n<td>15.0.2000.5 -\u00a015.0.2160.4</td>\n<td>KB 5077470 - Previous SQL2019 RTM GDR</td>\n</tr>\n<tr>\n<td><strong>5084818</strong></td>\n<td>Security update for SQL Server 2017 CU31+GDR</td>\n<td>14.0.3525.1</td>\n<td>14.0.3006.16 - 14.0.3520.4</td>\n<td>KB 5077471 - Previous SQL2017 RTM CU31 GDR</td>\n</tr>\n<tr>\n<td><strong>5084819</strong></td>\n<td>Security update for SQL Server 2017 RTM+GDR</td>\n<td>14.0.2105.1</td>\n<td>14.0.1000.169 - 14.0.2100.4</td>\n<td>KB 5077472 - Previous SQL2017 RTM GDR</td>\n</tr>\n<tr>\n<td><strong>5084820</strong></td>\n<td>Security update for SQL Server 2016 Azure Connect Feature Pack+GDR</td>\n<td>13.0.7080.1</td>\n<td>13.0.7000.253 - 13.0.7075.5</td>\n<td>KB 5077473 - Previous SQL2016 Azure Connect Feature Pack\u00a0GDR</td>\n</tr>\n<tr>\n<td><strong>5084821</strong></td>\n<td>Security update for SQL Server 2016 SP3+GDR</td>\n<td>13.0.6485.1</td>\n<td>13.0.6300.2 - 13.0.6480.4</td>\n<td>KB 5077474 - Previous SQL2016 RTM GDR</td>\n</tr>\n</tbody>\n</table>\n<p><strong>What are the GDR and CU update designations and how do they differ?</strong></p>\n<p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p>\n<ul>\n<li>GDR updates \u2013 cumulatively only contain security updates for the given baseline.</li>\n<li>CU updates \u2013 cumulatively contain all functional fixes and security updates for the given baseline.</li>\n</ul>\n<p>For any given baseline, either the GDR or CU updates could be options (see below).</p>\n<ul>\n<li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li>\n<li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li>\n<li>If SQL Server installation has intentionally installed previous CU updates, then choose to install the CU security update package.</li>\n</ul>\n<p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p>\n<p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p>\n<p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32176","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ef55c5ee-2922-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a27b9a5c","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32171","cveTitle":"Azure Logic Apps Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.</p>\n","cweList":["CWE-522: Insufficiently Protected Credentials"],"cweDetailsListForSearch":["cwe: CWE-522: Insufficiently Protected Credentials","cweUrl: https://cwe.mitre.org/data/definitions/522.html"],"unformattedDescription":"Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.","mitreText":"CVE-2026-32171","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32171","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Azure Logic Apps","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"8.8","temporalScore":"7.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-522: Insufficiently Protected Credentials","https://cwe.mitre.org/data/definitions/522.html"]}],"articles":[{"title":"Azure Logic Apps Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>How could an attacker exploit the vulnerability?</strong></p>\n<p>An attacker could create a forged authentication token and use it to access administrative function APIs. This may allow them to retrieve keys, access the file system, and deploy unauthorized code within the Logic Apps environment.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>How do customers mitigate this vulnerability?</strong></p>\n<p>Customers are protected through service-side (control plane) updates, which are automatically applied\u2014there is no download, build number, or manual update required to receive the fix.</p>\n<p>The only exception is for existing Logic Apps that were created when WEBSITE_AUTH_ENCRYPTION_KEY was configured as an environment variable. For those existing apps, customers must make a small update (edit any environment variable) to trigger the change and fully mitigate the issue.</p>\n<p>New or updated Logic Apps already use a secret reference for the auth key and are automatically mitigated without any customer action.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32171","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"847823a8-5a21-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d01da474","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32164","cveTitle":"Windows User Interface Core Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32164","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32164","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows User Interface Core","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"title":"Windows User Interface Core Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>\n<p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation\">AppContainer Isolation</a> for more information.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained (&quot;sandboxed&quot;) execution environment to a Medium Integrity Level. Please refer to <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation\">AppContainer isolation</a> and <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control\">Mandatory Integrity Control</a> for more information.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32164","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6ac47cf0-511e-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d764e9a1","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32163","cveTitle":"Windows User Interface Core Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32163","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32163","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows User Interface Core","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows User Interface Core Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained (&quot;sandboxed&quot;) execution environment to a Medium Integrity Level. Please refer to <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation\">AppContainer isolation</a> and <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control\">Mandatory Integrity Control</a> for more information.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>\n<p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation\">AppContainer Isolation</a> for more information.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32163","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"290b97c1-511e-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000072d99044","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32162","cveTitle":"Windows COM Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data"],"cweDetailsListForSearch":["cwe: CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data","cweUrl: https://cwe.mitre.org/data/definitions/349.html"],"unformattedDescription":"Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32162","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32162","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows COM","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"8.4","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data","https://cwe.mitre.org/data/definitions/349.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"title":"Windows COM Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32162","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"37b10b35-491e-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000034a9fcd1","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32155","cveTitle":"Desktop Window Manager Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32155","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32155","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Desktop Window Manager","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability, even as a standard user.</p>\n","ordinal":10000},{"title":"Desktop Window Manager Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"title":"Windows DWM Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32155","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"aff8e898-021d-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d664e9a1","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32153","cveTitle":"Windows Speech Runtime Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free","CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html","cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32153","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32153","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Windows Speech","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"title":"Microsoft Windows Speech Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"title":"Microsoft Windows Speech Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32153","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5bf71d49-021d-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000a07b9a5c","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32151","cveTitle":"Windows Shell Information Disclosure Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network.</p>\n","cweList":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"],"cweDetailsListForSearch":["cwe: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweUrl: https://cwe.mitre.org/data/definitions/200.html"],"unformattedDescription":"Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network.","mitreText":"CVE-2026-32151","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32151","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Shell","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"6.5","temporalScore":"5.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","https://cwe.mitre.org/data/definitions/200.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>\n<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the local memory address.</p>\n","ordinal":10000},{"title":"Windows Shell Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32151","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7abe4798-ec1c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00003bf041ff","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32150","cveTitle":"Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32150","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32150","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Function Discovery Service (fdwsd.dll)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"title":"Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32150","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e5f0bd52-ec1c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00007720d671","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32149","cveTitle":"Windows Hyper-V Remote Code Execution Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.</p>\n","cweList":["CWE-20: Improper Input Validation","CWE-191: Integer Underflow (Wrap or Wraparound)","CWE-122: Heap-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-20: Improper Input Validation","cweUrl: https://cwe.mitre.org/data/definitions/20.html","cwe: CWE-191: Integer Underflow (Wrap or Wraparound)","cweUrl: https://cwe.mitre.org/data/definitions/191.html","cwe: CWE-122: Heap-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/122.html"],"unformattedDescription":"Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.","mitreText":"CVE-2026-32149","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32149","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Role: Windows Hyper-V","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"7.3","temporalScore":"6.4","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-20: Improper Input Validation","https://cwe.mitre.org/data/definitions/20.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-191: Integer Underflow (Wrap or Wraparound)","https://cwe.mitre.org/data/definitions/191.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-122: Heap-based Buffer Overflow","https://cwe.mitre.org/data/definitions/122.html"]}],"articles":[{"title":"Windows Hyper-V Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>\n<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.\nThe vulnerable endpoint is only available over the local VM interface as all external communication is blocked. This means an attacker needs to execute code from the local machine to exploit the vulnerability.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p>\n<p>An authorized attacker with privileges could send controlled inputs to exploit this vulnerability.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32149","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"533270a9-eb1c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000097833054","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32091","cveTitle":"Microsoft Brokering File System Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html","cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32091","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32091","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Brokering File System","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"8.4","temporalScore":"7.3","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]},{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Microsoft Brokering File System Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain the privileges of the logged-on user.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32091","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"692687cd-e91c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d3b3c4c6","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32088","cveTitle":"Windows Biometric Service Security Feature Bypass Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical attack.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical attack.","mitreText":"CVE-2026-32088","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32088","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Biometric Service","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"6.1","temporalScore":"5.3","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"title":"Windows Biometric Service Security Feature Bypass Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical attack.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>\n<p>This vulnerability could allow an attacker to bypass the Windows biometric authentication feature. A malicious biometric device could be incorrectly recognized as trusted, allowing an attacker to falsely present biometric data and potentially gain access to the device without the legitimate user's fingerprint or face.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32088","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"e496c0f1-e81c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000c5253a6c","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32086","cveTitle":"Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32086","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32086","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Function Discovery Service (fdwsd.dll)","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000},{"title":"Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32086","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d22d427f-e81c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-00008f3ceb26","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32084","cveTitle":"Windows Print Spooler Information Disclosure Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.</p>\n","cweList":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"],"cweDetailsListForSearch":["cwe: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweUrl: https://cwe.mitre.org/data/definitions/200.html"],"unformattedDescription":"Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-32084","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32084","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows File Explorer","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","https://cwe.mitre.org/data/definitions/200.html"]}],"articles":[{"title":"Windows File Explorer Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>\n<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is an address from an object operating at a High Integrity Level in a contained (&quot;sandboxed&quot;) execution environment.</p>\n<p>Please refer to <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation\">AppContainer isolation</a> and <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control\">Mandatory Integrity Control</a>  for more information.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32084","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"7e94642d-e81c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000fb0e89b1","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32080","cveTitle":"Windows WalletService Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32080","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32080","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows WalletService","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"title":"Windows WalletService Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32080","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"57285eaf-e71c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000075286c69","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32079","cveTitle":"Web Account Manager Information Disclosure Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.</p>\n","cweList":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"],"cweDetailsListForSearch":["cwe: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweUrl: https://cwe.mitre.org/data/definitions/200.html"],"unformattedDescription":"Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.","mitreText":"CVE-2026-32079","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32079","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows File Explorer","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","https://cwe.mitre.org/data/definitions/200.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>\n<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is an address from an object operating at a High Integrity Level in a contained (&quot;sandboxed&quot;) execution environment.</p>\n<p>Please refer to <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation\">AppContainer isolation</a> and <a href=\"https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control\">Mandatory Integrity Control</a>  for more information.</p>\n","ordinal":10000},{"title":"Windows File Explorer Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32079","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"4d42f057-e71c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000dab3c4c6","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32078","cveTitle":"Windows Projected File System Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32078","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32078","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Projected File System","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"title":"Windows Projected File System Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32078","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d6a30228-e71c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000679ae10e","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32077","cveTitle":"Windows UPnP Device Host Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-20T07:00:00-07:00","description":"<p>Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-822: Untrusted Pointer Dereference"],"cweDetailsListForSearch":["cwe: CWE-822: Untrusted Pointer Dereference","cweUrl: https://cwe.mitre.org/data/definitions/822.html"],"unformattedDescription":"Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32077","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32077","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Universal Plug and Play (UPnP) Device Host","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-822: Untrusted Pointer Dereference","https://cwe.mitre.org/data/definitions/822.html"]}],"articles":[{"title":"Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32077","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"53ff84e3-e61c-f111-93f8-000d3afbc7d7"},{"cveNumber":"CVE-2026-32077","version":1.1,"revisionDate":"2026-04-20T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Added Security Only packages to Windows Server 2012 security updates. This is an informational change only.</p>\n","unformattedDescription":"Added Security Only packages to Windows Server 2012 security updates. This is an informational change only.","notificationNeeded":false,"notificationSent":false,"sourceId":"933b4e1f-f23c-f111-93fa-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000cc253a6c","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32076","cveTitle":"Windows Storage Spaces Controller Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"unformattedDescription":"Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32076","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32076","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Storage Spaces Controller","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"title":"Windows Storage Spaces Controller Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32076","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8cadccca-e61c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000963ceb26","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32074","cveTitle":"Windows Projected File System Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-415: Double Free"],"cweDetailsListForSearch":["cwe: CWE-415: Double Free","cweUrl: https://cwe.mitre.org/data/definitions/415.html"],"unformattedDescription":"Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32074","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32074","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Projected File System","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-415: Double Free","https://cwe.mitre.org/data/definitions/415.html"]}],"articles":[{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000},{"title":"Windows Projected File System Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32074","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"efd03a7b-e61c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000038f8d7f6","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32072","cveTitle":"Active Directory Spoofing Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally.</p>\n","cweList":["CWE-287: Improper Authentication"],"cweDetailsListForSearch":["cwe: CWE-287: Improper Authentication","cweUrl: https://cwe.mitre.org/data/definitions/287.html"],"unformattedDescription":"Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally.","mitreText":"CVE-2026-32072","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32072","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Active Directory","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000008,"impact":"Spoofing","langCode":"en-US","baseScore":"6.2","temporalScore":"5.4","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-287: Improper Authentication","https://cwe.mitre.org/data/definitions/287.html"]}],"articles":[{"title":"Windows Active Directory Spoofing Vulnerability","articleType":"100000000","description":"<p>Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32072","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f2e3472e-e61c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000020f89b1","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32070","cveTitle":"Windows Common Log File System Driver Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-416: Use After Free"],"cweDetailsListForSearch":["cwe: CWE-416: Use After Free","cweUrl: https://cwe.mitre.org/data/definitions/416.html"],"unformattedDescription":"Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32070","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32070","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Common Log File System Driver","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-416: Use After Free","https://cwe.mitre.org/data/definitions/416.html"]}],"articles":[{"title":"Windows Common Log File System Driver Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"title":"Windows Common Log File System Driver Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>\n<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32070","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"280df0f7-e01c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000074286c69","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32069","cveTitle":"Windows Projected File System Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-415: Double Free"],"cweDetailsListForSearch":["cwe: CWE-415: Double Free","cweUrl: https://cwe.mitre.org/data/definitions/415.html"],"unformattedDescription":"Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32069","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32069","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Projected File System","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"6.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-415: Double Free","https://cwe.mitre.org/data/definitions/415.html"]}],"articles":[{"title":"Windows Projected File System Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32069","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5ad9eee0-e01c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-0000d9b3c4c6","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-32068","cveTitle":"Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.</p>\n","cweList":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"],"cweDetailsListForSearch":["cwe: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","cweUrl: https://cwe.mitre.org/data/definitions/362.html"],"unformattedDescription":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.","mitreText":"CVE-2026-32068","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-32068","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows SSDP Service","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.0","temporalScore":"6.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","https://cwe.mitre.org/data/definitions/362.html"]}],"articles":[{"title":"Windows SSDP Service Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>\n<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-32068","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"6f071222-e01c-f111-93f8-000d3afbc7d7"}]},{"id":"00000000-0000-0000-0000-000019289bd1","releaseDate":"2026-04-14T07:00:00-07:00","cveNumber":"CVE-2026-27930","cveTitle":"Windows GDI Information Disclosure Vulnerability","releaseNumber":"2026-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2026-04-14T07:00:00-07:00","description":"<p>Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.</p>\n","cweList":["CWE-125: Out-of-bounds Read"],"cweDetailsListForSearch":["cwe: CWE-125: Out-of-bounds Read","cweUrl: https://cwe.mitre.org/data/definitions/125.html"],"unformattedDescription":"Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.","mitreText":"CVE-2026-27930","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-27930","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows GDI","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"5.5","temporalScore":"4.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-125: Out-of-bounds Read","https://cwe.mitre.org/data/definitions/125.html"]}],"articles":[{"title":"Windows GDI Information Disclosure Vulnerability","articleType":"100000000","description":"<p>Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p>\n<p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>\n<p>This vulnerability may allow an attacker to access small portions of memory from the affected application when it processes a specially crafted Enhanced Metafile (EMF). This issue is an out\u2011of\u2011bounds read, any disclosure would be limited to whatever data happens to reside in adjacent memory at the time.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>\n<p>The user would have to open or preview content that contains the malicious Enhanced Metafile (EMF).</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-27930","version":1,"revisionDate":"2026-04-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"604a6dd4-df1c-f111-93f8-000d3afbc7d7"}]}],"@odata.nextLink":"https://api.msrc.microsoft.com/sug/v2.0/sugodata/v2.0/en-US/vulnerability?$orderby=releaseDate%20desc&$top=200&$skip=200"}